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Abstract. We study the problem of identity testing for depth-3 circuits of top fanin 
k and degree d (called EIlE(fc,d) identities). We give a new structure theorem for such 

identities. A direct application of our theorem improves the known deterministic d 
time black-box identity test over rationals (Kayal & Saraf, FOCS 2009) to one that takes 
d 0(k '-time. Our structure theorem essentially says that the number of independent 
variables in a real depth-3 identity is very small. This theorem settles affirmatively the 
stronger rank conjectures posed by Dvir & Shpilka (STOC 2005) and Kayal & Saraf 
(FOCS 2009). Our techniques provide a unified framework that actually beats all known 
rank bounds and hence gives the best running time (for every field) for black-box identity 
tests. 

Our main theorem (almost optimally) pins down the relation between higher dimen- 
sional Sylvester-Gallai theorems and the rank of depth-3 identities in a very transparent 
manner. The existence of this was hinted at by Dvir & Shpilka (STOC 2005), but 
first proven, for reals, by Kayal & Saraf (FOCS 2009). We introduce the concept of 
Sylvester-Gallai rank bounds for any field, and show the intimate connection between 
this and depth-3 identity rank bounds. We also prove the first ever theorem about high 
dimensional Sylvester-Gallai configurations over any field. Our proofs and techniques 
are very different from previous results and devise a very interesting ensemble of combi- 
natorics and algebra. The latter concepts are ideal theoretic and involve a new Chinese 
remainder theorem. Our proof methods explain the structure of any depth-3 identity 
C: there is a nucleus of C that forms a low rank identity, while the remainder is a high 
dimensional Sylvester-Gallai configuration. 



1. Introduction 

Polynomial identity testing (PIT) ranks as one of the most important open problems in 
the intersection of algebra and computer science. We are provided an arithmetic circuit 
that computes a polynomial p(x\,X2, ■ ■ ■ ,x n ) over a field F, and we wish to test if p is 
identically zero (in other words, if p is the zero polynomial). In the black-box setting, 
the circuit is provided as a black-box and we are only allowed to evaluate the polynomial 
p at various domain points. The main goal is to devise a deterministic polynomial time 
algorithm for PIT. Kabanets &; Impagliazzo [KI04] and Agrawal Agr05[ |Agr06| have 



shown connections between deterministic algorithms for identity testing and circuit lower 
bounds, emphasizing the importance of this problem. To know more about the current 
state of the general identity testing problem see the surveys [Sax09l IAS09 . 

The first randomized polynomial time PIT algorithm, which was a black-box algorithm, 
was given (independently) by Schwartz [Sch80] and Zippel |Zip79 . Randomized algorithms 
that use less randomness were given by Chen & Kao |CK00j . Lewin Sz Vadhan [LV98J. 
and Agrawal & Biswas [AB03J . Klivans & Spielman [KS01] observed that even for depth-3 
circuits for bounded top fanin, deterministic identity testing was open. Progress towards 
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this was first made by Dvir & Shpilka [DS06J, who gave a quasi-polynomial time algo- 
rithm, although with a doubly-exponential dependence on the top fanin. The problem 
was resolved by a polynomial time algorithm given by Kayal and Saxena jKS07j . with 
a running time exponential in the top fanin. As expected, the current understanding 
of depth-4 circuits is even more sparse. Identity tests are known only for rather special 
depth-4 circuits jAM07| ISax08l ISV09j |KMSV09| . Why is progress restricted to such small 
depth circuits? Agrawal and Vinay |AV08] showed that an efficient black-box identity 
test for depth-4 circuits will actually give a quasi-polynomial black-box test, and subex- 
ponential lower bounds, for circuits of all depths (that compute low degree polynomials). 
Thus, understanding depth-3 identities seems to be a natural first step towards the goal 
of proving more general lower bounds. 

For deterministic black-box testing, the first results were given by Karnin & Shpilka 
[KS08]. Based on results in [DS06], they gave an algorithm for bounded top fanin depth-3 
circuits having a quasi-polynomial running time (with a doubly-exponential dependence on 
the top fanin) . The dependence on the top fanin was later improved (to singly-exponential) 
by the rank bound results of Saxena & Seshadhri |SS09| (for any F). But the time 
complexity also had a quasi-polynomial dependence on the degree of the circuit. This 
dependence is inevitable in rank-based methods over finite fields (as shown by [KS07]). 
However, over the field of rationals, Kayal & Saraf [KS09b showed how to remove this 
quasi-polynomial dependence on the degree at the cost of doubly-exponential dependence 
on the top fanin, thus giving a polynomial time complexity for bounded top fanin. In 
this work we achieve the best of the two works |SS09| and [KS09b] . i.e. we prove (for 
rationals) a time complexity that depends only polynomially on the degree and "only" 
sing/y-exponentially on the fanin. 

In a quite striking result, Kayal & Saraf |KS09b| proved how Sylvester-Gallai theorems 
can get better rank bounds over the reals. We introduce the concept of Sylvester-Gallai 
rank bounds that deals with the rank of vectors (over some given field) that have some 
special incidence properties. This is a very convenient way to express known Sylvester- 
Gallai results. These are inspired by the famous Sylvester-Gallai theorem about point-line 
incidences. We show how this very interesting quantity is tightly connected to depth-3 
identities. Sylvester-Gallai rank bounds over high dimensions were known over the reals, 
and are used to prove depth-3 rank bounds over reals. We prove the first ever theorem 
for high dimensional Sylvester-Gallai configurations over any field. 

1.1. Definitions and Previous Work. This work focuses on depth-3 circuits. A struc- 
tural study of depth-3 identities was initiated in jDS06] by defining a notion of rank of 
simple and minimal identities. A depth-3 circuit C over a field F is: 

k 



where, Tj (a multiplication term) is a product of di linear polynomials over F. Note 
that for the purposes of studying identities we can assume wlog (by homogenization) that 
£ij's are linear forms (i.e. linear polynomials with a zero constant coefficient) and that 
d\ = ■ ■ ■ = dk ='■ d. Such a circuit is referred to as a "EILE(k, d) circuit (or XII£(fc,d, n) 
depending on the context), where k is the top fanin of C and d is the degree of C. We 
give a few definitions from [DS06]. 

Definition 1. [Simple Circuit] C is a simple circuit if there is no nonzero linear form 
dividing all the Tj 's. 
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[Minimal Circuit] C is a minimal circuit if for every proper subset S C [k], X^eS-^ 
is nonzero. 

[Rank of a circuit] Every £ij can be seen as an n- dimensional vector over F. The 
rank of the circuit, rk(C), is defined as the rank of the set of all linear forms £ij 's viewed 
as n-dimensional vectors. 

Can all the forms £ij be independent, or must there be relations between them? The 
rank can be interpreted as the minimum number of variables that are required to express C. 
There exists a linear transformation converting the n variables of the circuit into rank{C) 
independent variables. A trivial upper bound on the rank (for any SIIE-circuit) is kd, 
since that is the total number of linear forms involved in C. The rank is a fundamental 
property of a £!!£(&, d) circuit and it is crucial to understand how large this can be for 
identities. A substantially smaller rank bound than kd shows that identities do not have 
as many "degrees of freedom" as general circuits, and leads to deterministic identity tests. 
Furthermore, the techniques used to prove rank bounds show us structural properties of 
identities that may suggest directions to resolve PIT for £]!£(&, d) circuits. 

The rank bounds, in addition to being a natural property of identities, have found ap- 
plications in black-box identity testing [KS08] and learning SIIS circuits |Shp09, KS09aJ. 



The result of |KS08| showed rank bounds imply black-box testers: if i?(F, k, d) is a rank 
bound for simple minimal d, n) identities over field F, then there is a deterministic 

black-box identity tester for such circuits, that runs in poly(n, d R ^' k ' d ^) F-operations. (For 
the time complexity over Q, we actually count the bit operations.) 

Dvir & Shpilka [DS06J proved that the rank of a simple, minimal T,HT,(k,d) identity 
is bounded by 2°( k \logd) k ~ 2 . This rank bound was improved to 0(k 3 log d) by Sax- 
ena & Seshadhri |SS09| . Fairly basic identity constructions show that the rank is Vt(k) 
over the reals and Q(ATogd) for finite fields [DSMl IKS071 ISS09] . Dvir & Shpilka [DSll] 
conjectured that rk(C) should be some poly(fe) over the reals. Through a very insightful 
use of Sylvester-Gallai theorems, Kayal & Saraf [KS09b] subsequently bounded the rank 
of identities, over reals, by k°( k \ This means that for a constant top fanin circuit, the 
rank of identities is constant, independent of the degree. This also leads to the first truly 
polynomial-time deterministic black-box identity testers for this case. 

Unfortunately, as soon as k becomes even f2(logra), this bound becomes trivial. We 
improve this rank bound exponentially, to 0(k 2 ), which is almost optimal. This gives a 
major improvement in the running time of the black-box testers. We also improve the 
rank bounds for general fields from 0(k 3 logd) to 0(k 2 logo!). We emphasize that we give 
a unified framework to prove all these results. Table [T] should make it easier to compare 
the various bounds. 

Kayal & Saraf [KS09bj connect Sylvester-Gallai theorems to rank bounds. They need 
advanced versions of these theorems that deal with colored points and have to prove certain 
hyperplane decomposition theorems. We make the connection much more transparent (at 
the loss of some color from the theorems) . We reiterate that our techniques are completely 
different, and employ a very powerful algebraic framework to dissect identities. This allows 
us to use as a "black-box" the most basic form of the higher dimensional Sylvester-Gallai 
theorems. 



1.2. Our Results. Before we state our results, it will be helpful to understand Sylvester- 
Gallai configurations. A set of points S with the property that every line through two 
points of S passes through a third point in S is called a Sylvester-Gallai configuration. 
The famous Sylvester-Gallai theorem states: for a set S of points in M 2 , not all collinear, 
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Table 1. Known rank bounds and black-box PIT 
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there exists a line passing through exactly two points of S. In other words, the only 
Sylvester-Gallai configuration in M 2 is a set of collinear points. This basic theorem about 
point-line incidences was extended to higher dimensions [Han65, BE67]. We introduce the 
notion of Sylvester-Gallai rank bounds. This is a clean and convenient way of expressing 
these theorems. 

Definition 2. Let S be a finite subset of the projective space FP n . Alternately, S is a 
subset of vectors in F n+1 without multiples: no two vectors in S are scalar multiples of 
each othe^ Suppose, for every set V C S of k linearly independent vectors, the linear 
span ofV contains at least k + 1 vectors of S. Then, the set S is said to be SG^-closed. 

The largest possible rank of an SG^-closed set of at most m vectors in ¥ n (for any n) 
is denoted by SGk(¥,m). 

The classic Sylvester-Gallai theorem essentially state^Jthat for all m, SG2(M, m) ^ 2. 
Higher dimensional analogues [Han65, BE67] prove that SGfc(M, m) < 2(k — 1). One of 
our auxiliary theorems is such a statement for all fields. 

Theorem 3 (SG fc for all fields). For any field ¥ and k,me N M , SG k (¥,m) < 9/clgm. 

Our main theorem is a simple, clean expression of how Sylvester-Gallai influences iden- 
tities. 

Theorem 4 (From SG^ to Rank). Let \¥\ > d. The rank of a simple and minimal 
SIIE(fc, d) identity over ¥ is at most 2k 2 + k ■ SGk(¥, d). 

Remark. If ¥ is small, then we choose an extension F' D F of size > d and get a rank 
bound with SG k (¥',d). 



When |F| > \S\, such an S is, wlog, a subset of distinct vectors with first coordinate 1. 

To see this, take an S'G2-closed set S of vectors. Think of each vector being represented by an infinite 
line through the origin, hence giving a set 5" in the projective space. Take a 2-dimensional plane P not 
passing through the origin and take the set of intersection points I of the lines in S with P. Observe that 
the coplanar points / have the property that a line passing through two points of / passes through a third 
point of /. 
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Plugging in SG^-rank bounds gives us the desired theorem for depth-3 identities. We 
have a slightly stronger version of the above theorem that we use to get better constants 



(refer to Theorem 18). 



Theorem 5 (Depth-3 Rank Bounds). Let C be a £IT£(A;, d) circuit, over fieldF, that is 
simple, minimal and zero. Then, 

• For F = R, rk{C) < 3k 2 . 

• For any ¥, rk(C) < 3k 2 (lg2d). 

As discussed before, a direct application of this result to Lemma 4.10 of [KS08J gives a 
deterministic black-box identity test for SIIS(/c, d, n) circuits (we will only discuss Q here 
as the other statement is analogous). Formally, we get the following hitting set generator 
for SnS circuits with real coefficients. 

Corollary 6 (Black-box PIT over Q). There is a deterministic algorithm that takes as 
input a triple (k,d,n) of natural numbers and in time poly(nd k ), outputs a hitting set 
WcP with the following properties: 

1) Any SITS(A;,(i, n) circuit C over R computes the zero polynomial iff Va € %, 
C(a) = 0. 

2) % has at most poly(nd k ) points. 

3) The total bit-length of each point in T~L is poly(knlogd). 
Remark. 

1) Our black-box test has quasi-polynomial in n time complexity (with polynomial- 
dependence on d) for top fanin as large as k = polylog(n), and sub- exponential in 
n time complexity (with polynomial-dependence on d) even for top fanin as large 
as k = o(y / n). This is the first tester to achieve such bounds. 

2) The fact that the points in % are integral and have "small" bit-length is important 
to estimate the time complexity of our algorithm in terms of bit operations. Thus, 
the hitting set generator takes at most poly (nd k ) bit operations to compute H. 



2. Proof Outline, Ideas, and Organization 

Our proof of the rank bound comprises of several new ideas, both at the conceptual and 
the technical levels. In this section we will give the basic intuition of the proof. The three 
notions that are crucially used (or developed) in the proof are: ideal Chinese remaindering, 
matchings and Sylvester-Gallai rank bounds. These have appeared (in some form) before 
in the works of Kayal &l Saxena |KS07| . Saxena & Seshadhri [SS09J and Kayal &: Saraf 
[KS09bJ respectively, to prove different kinds of results. Here we use all three of them 
together to show quite a strong structure in T,HT, identities. We will talk about them one 
by one in the following three subsections outlining the three steps of the proof. Each step 
proves a new property of identities which is interesting in its own right. The first two steps 
set up the algebraic framework and prove theorems that hold for all fields. The third step 
is where the Sylvester-Gallai theorems are brought in. Some (new and crucial) algebraic 
lemmas and their proofs have been moved to the Appendix. The flow of the actual proof 
will be identical to the overview that we now provide. 

2.1. Step 1: Matching the Gates in an Identity. We will denote the set {1, ... ,n} 

by [n]. We fix the base field to be F, so the circuits compute multivariate polynomials in 
the polynomial ring R := F[xi, . . . ,x n ]. 
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A linear form is a linear polynomial in R with zero constant term. We will denote the 
set of all linear forms by L(R) := {X^Li a i x t \ ai, . . . ,a n £ ¥}. Clearly, L(R) is a vector 
(or linear) space over F and that will be quite useful. Much of what we do shall deal with 
multi-sets of linear forms (sometimes polynomials in R too), equivalence classes inside 
them, and various maps across them. A list of linear forms is a multi-set of forms with an 
arbitrary order associated with them. The actual ordering is unimportant: we will heavily 
use maps between lists, and the ordering allows us to define these maps unambiguously. 
The object, list, comes with all the usual set operations naturally defined. 

Definition 7. We collect some important definitions from [SS09J: 

[Multiplication term, L(-) & M(-)] A multiplication term / is an expression in R 
given as (the product may have repeated i's), f := c • n^es"^> where c G F* and S is a list 
of nonzero linear forms. The list of linear forms in /, L(f), is just the list S of forms 
occurring in the product above. For a list S of linear forms we define the multiplication 
term of S, M(S), as IlteS & or \ if S = (j>. 

[Forms in a Circuit] We will represent a SIIS(A;,d) circuit C as a sum of k multipli- 
cation terms of degree d, C = Y2i=i ^-i- The list of linear forms occurring in C is L(C) : = 
Uie[fc] L(Ti). Note that L(C) is a list of size exactly kd. The rank of C, rk(C), is just 
the number of linearly independent linear forms in L{C). (Remark: for the purposes of 
this paper 's are given in circuit representation and thus the list L(Ti) is unambiguously 
defined from C ) 

[Similar forms] For any two polynomials f , g £ R we call f similar to g if there exists 
c G F* such that f = eg. We say f is similar to g mod I, for some ideal I of R, if there 
is some c G F* such that f = eg (mod I). Note that "similarity mod I" is an equivalence 
relation (reflexive, symmetric and transitive) and partitions any list of polynomials into 
equivalence classes. 

[Span sp(-)] For any S C L(R) we let sp(S) C L(R) be the linear span of the linear 
forms in S over the field F. (Conventionally, sp($) = {0}-) 

[Matchings] Let U,V be lists of linear forms and I be a subspace of L(R). An I- 
matching it between U, V is a bijection ir between lists U, V such that: for all £ G U , 
tt(£) £ ¥*£ + I. 

When f,g are multiplication terms, an /-matching between /, g would mean an I- 
matching between L(f), L(g) . 

We will show that all the multiplication terms of a minimal SITS identity can be 
matched by a "low" rank space. 

Theorem 8 (Matching-Nucleus) . Let C = 2i + • • • + T k be a T,ILY,(k,d) circuit that is 
minimal and zero. Then there exists a linear subspace K of L(R) such that: 

1) rk(K) < k 2 . 

2) Vi G [k], there is a K -matching Hi between T\,T{. 

The idea of matchings within identities was first introduced in [SS09J, but nothing as 
powerful as this theorem has been proven. This theorem gives us a space of small rank, 
independent of d, that contains most of the "complexity" of C. All forms in C outside 
K are just mirrored in the various terms. This starts connecting the algebra of depth-3 
identities to a combinatorial structure. Indeed, the graphical picture (explained in detail 
below) that this theorem provides, really gives an intuitive grasp on these identities. The 
proof of this involves some interesting generalizations of the Chinese Remainder Theorem 
to some special ideals. 
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Definition 9 (mat-nucleus). Let C be a minimal SIIS(A;, d) identity. The linear subspace 
K given by Theorem^ is called mat-nucleus of C . 

The notion of mat-nucleus is easier to see in the following unusual representation of the 
SITS(4, d) circuit C = X^ie[4] ^he ^ our bubbles refer to the four multiplication terms 
of C and the points inside the bubbles refer to the linear forms in the terms. The proof 
of Theorem [8] gives mat-nucleus as the space generated by the linear forms in the dotted 
box. The linear forms that are not in mat-nucleus lie "above" the mat-nucleus and are 
all (mat-nucleus)-matched, i.e. W G (L(Ti) \ mat-nucleus), there is a form similar to t 
modulo mat-nucleus in each (L(Ti) \ mat-nucleus). Thus the essence of Theorem[8]is: the 
mat- nucleus part of the terms of C has low rank k 2 , while the part of the terms above 
mat-nucleus all look "similar" . 

C:= T 1 +T 2 +T 3 +T 4 

L(T 1 )\ mat-nucleus 



LfT^jn mat-nucleus 



Proof Idea for Theorem [$| The key insight in the construction of mat-nucleus is a rein- 
terpretation of the identity test of Kayal & Saxena [KS07] as a structural result for SITE 
identities. Again, refer to the following figure depicting a SIIE(4, d) circuit C and think of 
each bubble having d linear forms. Roughly, [KS07J showed that C = iff for every path 
{vi,V2,vs) (where Vi S L(Tj)): T4 = 0(mod ^1,^2,^3) or in ideal terms, T4 E {vi,V2,vs). 
Thus, roughly, it is enough to go through all the d 3 paths to certify the zeroness of C. 
This is why the time complexity of the identity test of [KS07 is dominated by d k . 





Now if we are given a SIIS(4, d) identity C which is minimal, then we know that T% + 
T2 + T3 7^ 0. Thus, by applying the above interpretation of [KS07J to T\ + T2 + T3 we 
will get a path (i>i,i>2) such that T3 ^ {vi,vz). Since C = this means that T3 + T4 = 
0(mod v\,V2) but T^^T^ ^ 0(mod ^1,^2) (if Ta is in (v\,V2) then so will be T3). Thus, 
T3 = — T4(mod ^1,^2) is a nontrivial congruence and it immediately gives us a («i,«2) - 
matching between T^,T^ (see Lemma 44). By repeating this argument with a different 
permutation of the terms we could match different terms (by a different ideal), and finally 
we expect to match all the terms (by the union of the various ideals) . 

This fantastic argument has numerous technical problems, but they can all be taken 
care of by suitable algebraic generalizations. The main stumbling block is the presence of 
repeating forms. It could happen that (mod vi), V2 occurs in many terms, or in the same 
term with a higher power. The most important tool developed is an ideal version of Chinese 
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remaindering that forces us to consider not just linear forms V\,V2, but multiplication terms 
v\ , V2 dividing T\ , T2 respectively. We give the full proof in Section [3j (Interestingly, 
the non-blackbox identity test of [KS07] guides in devising a blackbox test of "similar" 
complexity over rationals.) 

2.2. Step 2: Certificate for Linear Independence of Gates. Theorem [8] gives us a 
space K, of rank < k 2 , that matches T\ to each term Tj. In particular, this means that 
the list Lx{Ti) := L(Tj) n K has the same cardinality d! for each i G [k]. In fact, if we 
look at the corresponding multiplication terms 7Q := M(Lx(Ti)), i G [k], then they again 
form a £!!£(&;, <i') identity! Precisely, C = Ylielk] a i^-i f° r some a i' s hi ^* ( see Lemma 



46) is an identity. We would like C to somehow mimic the structure of C. Of course 
C is simple but is it again minimal? Unfortunately, it may not be. For reasons that 
will be clear later, minimality of C would have allowed us to go directly to Step 3. Now 
step 2 will involve increasing the space K (but not by too much) that gives us a C that 
"behaves" like C. Specifically, if Tx, ... ,7V are linearly independent (i.e. $ (3 G ¥ k \ {0} 
s - t - ^2ie[k'] Pi T i = °)> tnen so are #1, ... , K k i. 

Theorem 10 (Nucleus). Let C = X^ieffc]-^ a m ^ma/ T,HY^(k, d) identity and let 
{Ti\i 61} be a maximal set of linearly independent terms (1 ^ k! := \I\ < k). Then there 
exists a linear subspace K of L(R) such that: 

1) rk(K) < 2k 2 . 

2) Vi G [k], there is a K -matching iri between Ti,Tj. 

3) (Define Vz G I, Ki := M(L^-(Tj))J The terms {Ki\i G X} are linearly indepen- 
dent. 

Definition 11 (nucleus). Let C be a minimal XIl£(A;,<i) identity. The linear subspace K 



given by Theorem\T^ is called the nucleus of C. By Lemma 46, the subspace K induces 
an identity C = J2ie[k] a i^i which we call the nucleus identity. 

The notion of the nucleus is easier to grasp when C is a SIIS(fe, d) identity that is 
strongly minimal, i.e. Xi,...,Tfc_i are linearly independent. Clearly, such a C is also 
minimaj^j For such a C, Theorem 10 gives a nucleus K such that the corresponding 
nucleus identity is strongly minimal. The structure of C is very strongly represented by 
C' . As a bonus, we actually end up greatly simplifying the polynomial-time PIT algorithm 
of Kayal & Saxena [KS07J (although we will not discuss this point in detail in this paper). 



Proof Idea for Theorem] 1C\ The first two properties in the theorem statement are already 
satisfied by mat-nucleus of C. So we incrementally add linear forms to the space mat- 
nucleus till it satisfies property (3) and becomes the nucleus. The addition of linear forms 
is guided by the ideal version of Chinese remaindering. For convenience assume T\, T2, T3 
to be linearly independent. Then, by homogeneity and equal degree, we have an equivalent 



ideal statement: T2 £ (Ti) and T3 ^ (Ti,T2) (see Lemma 42). Even in this general setting 
the path analogy (used in the last subsection) works and we essentially get linear forms 
V\ G L(Ti) and vi G HT2) such that: T2 ^ {v\) and T3 ^ (vi,t>2)- We now add these 
forms Ui,t>2 to the space mat-nucleus, and call the new space K. It is expected that the 
new 7^1,1^2,-^3 are now linearly independent. 

Not surprisingly, the above argument has numerous technical problems. But it can be 
made to work by careful applications of the ideal version of Chinese remaindering. We 
give the full proof in Section |4j 

"*If for some proper S C [k], X^ss = ~52ies Ti — then linear independence of Ti, . . . , Tk-i is violated. 
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2.3. Step 3: Invoking Sylvester- Gallai Theorems. We make a slight, but hopefully 
interesting, detour and leave depth-3 circuits behind. We rephrase the standard Sylvester- 
Gallai theorems in terms of Sylvester- Gallai closure (or configuration) and rank bounds. 
This is far more appropriate for our application, and seems to be very natural in itself. 

Definition 12 (SG^-closed). Let k G N >x . Let S be a subset of non-zero vectors in ¥ n 
without multiples: no two vectors in S are scalar multiples of each othe^ Suppose that 
for every set V of k linearly independent vectors in S, the linear span of V contains at 
least (k + 1) vectors of S. Then, the set S is said to be SG^-closed. 

We would expect that if S is finite then it will get harder to keep S SG^-closed as rk(S') 
is gradually increased. This intuition holds up when F = R. As we mentioned earlier, the 
famous Sylvester-Gallai Theorem states: if a finite S C K n is SG2-closed, then rk(S') ^ 2. 
It is optimal as the line S := {(1, 0), (1, 1), (1, 2)} has rank 2 and is SG2-closed. 

In fact, there is also a generalization of the Sylvester-Gallai theorem known (as stated 
in Theorem 2.1 of [BE67]) : Let S be a finite set in WP 2t spanning that projective space. 
Then, there exists a t-flat H such that \H n S\ = t + 1, and H is spanned by those points 
HHS. 

Let S C M n be a finite set of points with first coordinate being 1 and let k > 2. We claim 
that if S is SG^-closed, then rk(S) ^ 2(k — 1). Otherwise the above theorem guarantees k 
vectors V in S whose (k — l)-flat H has only k points of S. If sp(V) has a point s £ S \ V 
then as S has first coordinates 1, it would mean that a convex linear combination of V (i.e. 
sum of coefficients in the combination is 1) is s. In other words, s 6 H, which contradicts 
H having only k points of S. Thus, sp(V^) also has no point in S \ V, but this contradicts 
SGfc-closure of S. This shows that higher dimensional Sylvester-Gallai theorem implies 
that if S is SG^-closed then rk(5) ^ 2{k — 1). We prefer using this rephrasal of the higher 
dimensional Sylvester-Gallai Theorem. This motivates the following definitions. 

Definition 13 (SG operator). Let k,m<E N >:L . 

[SGfc(-, •)] The largest possible rank of an SGk-closed set of at most m points in ¥ n is 
denoted by SGk(¥,m). For example, the above discussion entails 5Gfc(lR, m) ^ 2(k — 1) 
which is, interestingly, independent of m. (Also verify that SGfz(W,m) < SGy{¥\m') for 
k^k', m^m' andFC ¥'.) 

[SGfc(-)] Suppose a set S C F n has rank greater than SGk(¥,m) (where #5 ^ m). 
Then, by definition, S is not SGk-closed. In this situation we say the fc-dimensional 
Sylvester-Gallai operator SGk(S) (applied on S) returns a set of k linearly independent 
vectors V in S whose span has no point in S \V . 

The Sylvester-Gallai theorem in higher dimensions can now be expressed succintly. 

Theorem 14 (High dimension Sylvester-Gallai for R). [Han65l IBE67] SG k {R,m) ^ 2(fe- 
!)• 

Remark. This theorem is also optimal, for if we set S to be a union of (k — 1) "skew 
lines" then S has rank 2(k — 1) and is SG^-closed. For example, when k = 3 define 
S := {(1,1,0,0), (1,1, 1,0), (1,1,2,0)} U {(1,0,1,0), (1,0,1,1), (1,0,1, 2)}. It is easy to 
verify that rk(S') = 4 and the span of every three linearly independent vectors in S 
contains a fourth vector! 



4 This is just a set of elements in the projective space FP n 1 , but this formulation in terms of vectors is 
more convenient for our applications. 
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Using some linear algebra and combinatorial tricks, we prove the first ever Sylvester- 
Gallai bound for all fields. The proof is in Section [6j where there is a more detailed 
discussion of this (and the connection with LDCs). 

Theorem g (SG fc for all fields). For any field F and k,m G N >1 , SG fc (F,m) < 9/clgm. 
2.3.1. Back to identities. Let C be a simple and strongly minimal SIIS(fc,d) identity. 



Theorem 10 gives us a nucleus K, of rank < 2k 2 , that matches T\ to each term T». As 
seen in Step 2, if we look at the corresponding multiplication terms K{ := M(Ljf(Tj)), 
i G [k], then they again form a SIIS(fc, d!) "nucleus identity" C = J2ie[k] a i^ii f° r some 
aj's in F*, which is simple and strongly minimal. Define the non-nucleus part of Tj as 
L c K {Ti) := L(Ti) \ K, for all j G [k] (c in the exponent annotates "complement", since 
L(Ti) = Lx{Ti) U L c K (Ti)). What can we say about the rank of L c K (Ti) ? 

Define the non-nucleus part of C as L C K (C) := Uieffc] ^ifC^)- Our § oa l m Step 3 is to 
bound rk(L^-(C) mod K) by 2k when the field is R. This will give us a rank bound of 
ik(K)+ rk(L^-(C)mod K) < (2k 2 + 2k) for simple and strongly minimal TiUT l (k,d) iden- 
tities over M. The proof is mainly combinatorial, based on higher dimensional Sylvester- 
Gallai theorems and a property of set partitions, with a sprinkling of algebra. 

We will finally apply SG& operator not directly on the forms in L(C) but on a suitable 
truncation of those forms. So we need another definition. 

Definition 15 (Non-if rank). Let K be a linear subspace of L(R). Then L(R)/K is again 
a linear space (the quotient space,). Let S be a list of forms in L(R). The non-ET rank of 
S is defined to be rk(Smod K) (i.e. the rank of S when viewed as a subset of L(R) / K ) . 

Let C be a £IIE(fc, d) identity with nucleus K . The non-K rank of the non-nucleus part 
L c K (Ti) is called the non-nucleus rank of T{. Similarly, the non-K rank of the non-nucleus 
part L C K (C) := Uie[fe] -^ifC^) * s called the non-nucleus rank of C . 

We give an example to explain the non-JC rank. Let R = ¥[z\,--- ,z n ,yi,--- ,y m ]. 
Suppose K = sp(zi, • • • , z n ) and S C L(R). We can take any element t in S and simply 
drop all the z% terms, i.e. 'truncate' z-part of I. This gives a set of linear forms over the 
y variables. The rank of these is the non-K rank of S. 

We are now ready to state the theorem that is proved in Step 3. It basically shows a 
neat relationship between the non-nucleus part and Sylvester-Gallai. 

Theorem 16 (Bound for simple, strongly minimal identities). Let |F| > d. The non- 
nucleus rank of a simple and strongly minimal £![£(&, d) identity over F is at most 
SG k ^(¥,d). 

Given a simple, minimal T,UT,(k,d) identity C that is not strongly minimal. Let 
Ti,...,Tfc/ be linearly independent and form a basis of {Ti\i G [k]}. Then it is clear 
that 3a G F fe ' \ {0} such that Eie[ft'] a ^ + T k' 

is a strongly minimal T,IlT l (k",d) iden- 
tity (for some 1 < k" < k' + 1). Hence, we could apply the above theorem on this identity 
and get a rank bound for the non- nucleus part. The only problem is this fanin-fc" iden- 
tity may not be simple. Our solution for this is to replace Tfc/ +1 by the suitable linear 
combination of {Ti\i G [k']} in C and repeat the above argument on the new identity. In 
Section |5.2| we show this takes care of the whole non- nucleus part and bounds its rank by 
k ■ SGjfc(F, d). To state the theorem formally, we need a more refined notion than the fanin 
of a SIIS circuit. 

Definition 17 (Independent-fanin) . Let C = Ylie.[k] be a T,HY,(k,d) circuit. The 
independent-fanin of C, ind-fanin(C) , is defined to be the size of the maximal T C [k] 
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such that {Ti\i G 1} are linearly independent polynomials. (Remark: If ind-fanin{C) = k 
then 0. Also, for an identity C , C is strongly minimal iff ind-fanin(C) = k — 1.) 

We now state the following stronger version of the main theorem. 

Theorem 18 (Final bound). Let |F| > d. The rank of a simple, minimal T,UT,(k,d), 
independent- fanin k' , identity is at most 2k 2 + (k — k') ■ SGf.i(¥, d). 

Remark: In particular, the rank of a simple, minimal d) identity over reals is at 

most 2k 2 + (k — k') ■ SG fc /(R, d) < 2k 2 + (k- k')2{k' - 1) < 3/c 2 , proving the main theorem 
over reals. Likewise, for any F, we get the rank bound of 2k 2 + (k - k') ■ SG k >(F,d) < 
2k 2 + (k — k')9k' lg d < 2k 2 + lg d < 3k 2 lg 2d, proving the main theorem. 



Proof Idea for Theorem 16. Basically, we apply the SGfc(-) operator on the non-nucleus 
part of the term T\, i.e. we treat a linear form ^ i a^Xj as the point (1, — , . . . , ^ rL ) G F™ 
for the purposes of Sylvester-Gallai and then we consider SGk{L c K (T\)) assuming that 
the non- nucleus rank of T\ is more than SGfe(F, d). This application of Sylvester-Gallai 
is much more direct compared to the methods used in [KS09b| . There, they needed 
versions of Sylvester-Gallai that dealt with colored points and had to prove a hyperplane 
decomposition property after applying essentially a SG fc o(/e)(-) operator on L(C). Since, 
modulo the nucleus, all multiplication terms look essentially the same, it suffices to focus 
attention on just one of them. Hence, we apply the SG^-operator on a single multiplication 
term. 

To continue with the proof idea, assume C is a simple, strongly minimal £IT£(fe, d) 
identity with terms {Ti\i G [k]} and let K be its nucleus given by Step 2. It will be 
convenient for us to fix a linear form yo £ L(R)* and a subspace U of L(R) such that 
we have the following orthogonal vector space decomposition L{R) = Fyo © U © K (i.e. 
i G Fyo n U implies I = and i G (Fyo © U) Pi K implies t = 0). This means for any form 
£ G L(R), there is a unique way to express t = ay^ + u + v, where a G F, u G U and v G K. 
Furthermore, we will assume wlog that for every form £ G L C K {T\) the corresponding a is 



nonzero, i.e. each form in L c K (Ti) is monic wrt yo ( see Lemma 40) 



Definition 19 (trun(-)). Fix a decomposition L(R) = Fyo © U © K. For any form 
i G L C K {T\), there is a unique way to express I = ago + u + v, where a G F*, u G U and 
v G K. 

The truncated form trun(^) is the linear form obtained by dropping the K part and 
normalizing, i.e. trun(£) := yo + a~ 1 u. 

Given a list of forms S we define trun(S) to be the corresponding set (thus no repetitions) 
of truncated forms. 

To be precise, we fix a basis {yi, . . . , y r wm} of U so that each form in trun(L^(Ti)) 
has representation yo + J2i>i a iVi ( a «' s e "0- We view each such form as the point 
(1, a\, . . . , a rk ([/)) while applying Sylvester-Gallai on trun(L^(Ti)). Assume, for the sake 
of contradiction, that the non-nucleus rank of T\, rk(trun(L^-(Ti))) > SGfc(F, d) then (by 
definition) SGfc(trun(L^-(Ti))) gives k linearly independent forms £±,...,1^ G (yo + U) 
whose span contains no other linear form of trun(L^(Ti)). 

For simplicity of exposition, let us fix k = 4, K spanned by z's, U spanned by y's and 
h = Vo+Vi (i G [4])- Note that (by definition) trun(ay + ]Ci PiVi) = Vo + J2i aVi- 

We want to derive a contradiction by using the SG4-tuple (yo + yi , yo + y2 , yo + U3 > Ho + Va) 
and the fact that C is a simple, strongly minimal SII$](4, d) identity. The contradiction is 
easy to see in the following configuration: Suppose the linear forms in C that are similar 
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to a form in U ig r 4 i(yo + Hi + K) are exactly those depicted in the figure. Let us consider 
C modulo the ideal I := (yo + y\ + z±, yo + 2/2 + ^2, — 2/o — 2/4 + -22)- It is easy to see that 
these forms (call them £[,£'2, £4) "kill" the first three gates, leaving C = T4(mod I). As C 
is an identity this means T4 £ /, thus there is a form £ £ L(Ti) such that £ £ sp(£' 1 , £ 2 > ^4)- 
Now none of the forms i'i,£'2, £'4 divide T 4 . Also, their non-trivial combination, say a^+Z?^ 
for aj3 7^ 0, cannot occur in L(T 4 ). Otherwise, by the matching property trun(a£' 1 +/3£ 2 ) = 
(a + /3) _1 (a^i + $£2) will be in trun(L^(Ti)). This contradicts the £iS being a SG 4 -tuple. 
Thus, T4 cannot be in /, a contradiction. This means that the non- nucleus rank of 
T\ is < SG4(F, d), which by matching properties implies the non-nucleus rank of C is 
<SG 4 (¥,d). 



C: = 



T 1 +T 2 +T 3 +T 4 




Nucleus K 



We were able to force a contradiction because we used a set of forms in an SG-tuple 
that killed three terms and "preserved" the last term. Can we always do this? This is 
not at all obvious, and that is because of repeating forms. Suppose, after going modulo 
form £, the circuit looks like x 3 y + 2x 2 y 2 + xy 3 = 0. This is not simple, but it does not 
have to be. We are only guaranteed that the original circuit is simple. Once we go modulo 
£, that property is lost. Now, the choice of any form kills all terms. In the figure above, 
(yo + Vi + zi i yo + 2/2 + Z2 , yo + y3 + zz) does not yield a contradiction. We will use our more 
powerful Chinese remaindering tools and the nucleus properties to deal with this. We 
have to prove a special theorem about partitions of [k] and use strong minimality (which 
we did not use in the above sketch). The full proof is given in Section 5.1 



3. Matching the Terms in an Identity: Construction of mat-nucleus 

3.1. Chinese Remaindering for Multiplication Terms. Traditionally, Chinese re- 
maindering is the fact: if two coprime polynomials (resp. integers) /, g divide a polyno- 
mial (resp. integer) h then fg divides h. The key tool in constructing mat-nucleus is 
a version of Chinese remaindering specialized for multiplication terms but generalized to 
ideals. Similar methods appeared first in [KS07] but we turn those on their head and give 
a "simpler" proof. In particular, we avoid the use of local rings and Hensel lifting. 

Definition 20 (Radical-span). Let S := {/1, . . . , f m } be multiplication terms generating 
an ideal I. Define linear space radsp(S) := sp(L(fi) U . . . U L(f m )). 

When the set of generators S are clear from the context we will also use the notation 
radsp(I). Similarly, radsp(I,f) would be a shorthand for radsp(S U {/}). 

Remark. Radical-span is motivated by the radical of an ideal but it is not quite that, for 
example, radical(xf , X1X2) = (x\) but radsp(xf , X1X2) = sp(x\,X2)- It is easy to see that 
the ideal generated by radsp always contains the radical ideal. 

Now we can neatly state Chinese remaindering as an ideal decomposition statement. 
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Theorem 21 (Ideal Chinese remaindering). Let fx, . . . , f m , z, f, g be multiplication terms. 
Define the ideal I := (fi, . . . ,f m ). Assume L{z) C radsp(I) while, L(f) n radsp(I) = 
and L{g) n radsp(I, /) = 0. I7»en, (I, zfg) = (I, z) n (J, /) D (J, <?> • 

Proof. If ft is a polynomial in (J, 2/5) then clearly it is in each of the ideals (I, 2), (I, /) 
and (I,g). 

Suppose ft is a polynomial in (I,z) n (I,/) H (I,g). Then by definition there exist 
ii, «2j 23 G / and a,b,c £ R such that, 

ft = ii + az = i 2 + bf = is + eg. 

The second equation gives bf £ (I, z). Since L(f) n radsp(I, 2) = L(/) n radsp(I) = 0, 
repeated applications of Lemma 41 give us, b G (I,z). Implying 6/ G {I,z)f C (I,zf), 
hence h = i 2 + bf £ (I, zf). This ensures the existence of ^ G / and a polynomial 6' such 
that, 

ft = i' 2 + b'zf = i 3 + eg. 

Again this system says that eg G (I, zf). Since -L(g)nradsp(I, zf) = L(g)nr&dsp(I , /) = 
0, repeated applications of Lemma 41 give us c G {I,zf). Implying eg G (I,zf)g C 
(J, 2/5), hence h = is + eg £ (I, zfg). This finishes the proof. □ 

The conditions in this theorem suggest that factoring a multiplication term / into parts 
corresponding to the equivalence classes of "similarity mod radsp(/)" would be useful. 

Definition 22 (Nodes). Let f be a multiplication term and let I be an ideal generated 
by some multiplication terms. As the relation "similarity mod radsp(I) " is an equivalence 
relation on L(R), it partitions, in particular, the list L(f) into equivalence classes. 

[repj(/)] For each such class pick a representative li and define repj(f) := . . . , £ r }. 
(Note that form can also appear in this set, it represents the class L{f) n radsp(I).) 

[nod/(/)] For each ii £ repj(f), we multiply the forms in f that are similar to £{ mod 
radsp(I). We define nodes of / mod I as the set of polynomials nodj(f) := {M(L(f) n 
(¥*£+ radsp(I))) \ t £ repj(f)}. (Remark: When I = {0}, nodes of f are just the coprime 
powers- of- forms dividing f .) 

[...wrt a subspace] Let K be a linear subspace of L{R). Clearly, the relation "sim- 
ilarity mod K" is an equivalence relation on L(R). It will be convenient for us to also 
use notations rep K (f) and nodfeif)- They are defined by replacing radsp(I) in the above 
definitions by K. 

Observe that the product of polynomials in nod/(/) just gives /. Also, modulo radsp(J), 
each node is just a form-power t r . In other words, modulo radsp(J), a node is rank-one 
term. The choice of the word "node" might seem a bit mysterious, but we will eventually 
construct paths through these. To pictorially see what is going on, think of each term Tj 
as a set of its constituent nodes. 

We prove a corollary of the ideal Chinese remaindering theorem that will be very helpful 
in both Steps 1 and 2. 

Corollary 23. Let h £ R, f be a multiplication term, and let I be an ideal generated by 
some multiplication terms. Then, h ^ (J, /) iff^g £ nodi(f) such that h ^ (I,g)- 

Proof. If ft ^ (L,g), for some g £ nodj(f), then clearly ft ^ (J, /). 

Conversely, assume ft ^ (I, f). Let rep/(/) = {£1, . . . ,£ r } and correspondingly, nod/(/) = 
{<7i, . . . , g r }. If r = 1 then / is similar to g\, hence ft ^ (I, g\) and we are done. So assume 
r > 2. Also, in case L{f) has a form in radsp(J), assume wlog l\ is the representative of 
the class L(f) n radsp(J). Define Gi := W^j^g-i-, for all i £ [r — 1]. 
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We claim that for all i G [r — 1], L[Gj) n radsp(J, ft) = 0. Otherwise 3£ G L[Gj) such 
that either ^ G radsp(J) or ^ G (F*£j + radsp(/)). Former case contradicts i\ being the 
representative of the class L(f) n radsp(J), while the latter case contradicts £i+i, . . . ,£ r 
being non-similar to ti mod radsp(I). Thus, for all i G [r — 1], L{Gi) n radsp(J, ft) = 0, 



and by applying Theorem 21 on (I,ftGj) for each i £ [r - 1], we deduce: 

\ ie[r] / ie[r] 

Thus, /i ^ (/, /) implies the existence of some i G [r] such that h ^ (/, ft). □ 

3.2. Applying Chinese Remaindering to SIIS Circuits. We showed the effect of 
ideal Chinese remaindering on a single multiplication term / in Corollary [23} Now we 
show the effect on a tuple of multiplication terms, for example, appearing in a SITS 
circuit. We then need, quite naturally, a notion of path of nodes. 

Definition 24 (Paths). Let I be an ideal generated by some multiplication terms. Let 
C = J2it=[k]Ti be a THE(k, d) circuit. Let vi be a sub-term of Ti (i.e. L(vi) C L{Ti)), 
for all i G [k]. We call the tuple (J, v\, . . . , u&) a path of C mod I if, for all i G [k], 
V{ G nodn Vl v-^iTi). is of length k. (Remark: We have defined path p as a tuple 
but, for convenience, we will sometimes treat it as a set of multiplication terms, eg. when 
operated upon by sp(-), (■), radsp(-), etc.) 

Conventionally, when k = the circuit C has just "one" gate: 0. In that case, the only 
path C has is (I), which is of length 0. 

We also define, for any subset S C [k], the sub-circuit Cs ■= Y^seS^- 

For anie{0,...,k- 1}, define [i]' := [k] \ [i\. We set [0] := and C := 0. 

We now show that if C is a nonzero £]!£(£;, d) circuit then 3i G {0, . . . , k — 1}, such 
that C[j] has a path p for which, C (mod (p)) is nonzero and similar to some multiplication 
term. This rather special path inside C can be seen as a certificate for the nonzeroness. 
The rank of the linear forms appearing in this path can be at most i + rk(radsp(/)), since 
the rank of each node is one, modulo the radical-span of the previous nodes in the path. 
Hence, it is a low-rank certificate for the nonzeroness of C. 

Theorem 25 (Certificate for a Non-identity). Let I be an ideal generated by some multi- 
plication terms. Let C = X^iG[fc] ^* be a T,UT,(k,d) circuit that is nonzero modulo I. Then 
3i G {0, . . . , k — 1} such that C^j mod I has a path p satisfying: C^y = a ■ T + \ ^ [mod p) 
for some a G F*. 

Before we prove the theorem, we make an aside observation. If the reader has kept the 
mental picture of the terms as consisting of rank-one (modulo radsp(/)) nodes, then the 
notion of a path has some meaning. A path p kills the terms that is passed through, and 
collapses remaining circuit into a single term. This is very reminiscent of the poly-time 
algorithm of Kayal & Saxena |KS07| . Indeed, this theorem is a (shorter) proof of the 
correctness of the algorithm. Why? Consider the path p given by the theorem when 
I is the zero ideal. The path p can be represented by a list of at most k 'forms' in 
L(C). This path comes from some Cm, which means that Cm = 0(modp). So, we get 
that C = a ■ T + \ ^ 0(mod p). Since T + \ is a product of linear forms, it is easy to 
algorithmically check if C = 0(mod p). If C is identically zero, such a path cannot exist. 
Since there are at most d k different paths, we can exhaustively check all of them. That 
yields an alternative view of [KS07j]'s test. 
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Proof. Fix an i G {0, . . . , k — 1} and a path p of Cm mod I such that: 

1) C[i]' ^ (?) and, 

2) the set Jj := {j G [i]' | X) ^ (p)} 7^ is the smallest possible (over all i). 

Note that for values i = 0, p = (I), the condition (1) is satisfied and the corresponding 
Ji 7^ 0. Thus, there also exist i and p satisfying both the conditions (1) and (2). 

Let j* be the smallest element in Jj. This means that for every m, i < m < j* , T m G (p). 



This means, by repeated applications of Lemma |41| v m : — -^(-^radsp(p) {T m )) G (p). Thus, 
(p) = (pU {v m \i < m < j*}). This makes q := (p^(v m \i < m < j*)) also a path of Cu»_ 1 ] 
mod /. We now claim that q is the path promised in the theorem statement. 

Note that Cu*_\y = Cuy (mod p) and Cuy ^ (p) = (q), in other words, path q also 
satisfies: 

1) C[j*-i]< ^ (g) and, 

2) the set Jj*-i = {j € [j* — 1]' | Tj ^ (q)} = J{ is still the smallest possible. 



If Cy*_iy ^ {q,Tj*) then, by Corollary 23, there exists Vj* 6 nod^(Tj*) such that Cu*_i|/ 
^ (g, fj*), hence Cy*]/ = Cu*_iy — Tj* uj*}. Define q' := (q, ^j*)) clearly it is a path of 
Cu*] mod I. Wrt this path q' , Jj* C Jj\{j*} C Jj together with Cy*y ^ (g'), contradicting 
the minimality assumption on i. Thus, we assume Cy*_iy G (q,Tj*). By Lemma 42, this 
guarantees the existence of an a G F such that, 

(Py-lY ~ aT i") G (9) = (p)- 
Since C[j»_ 1 ]/ = C^y ^ (mod p), the above equation can be rewritten as: 

Cu«_i]/ = aTj* ^ (mod (g)). 

Thus, finishing the proof (a nonzero is implied). □ 

Remark. The above theorem is quite powerful, for instance, it only needs the non- 
zeroness of C mod / without referring to any simplicity or minimality requirements. 

3.3. Using Minimality to get mat-nucleus. If we are given a circuit that is zero & 



minimal (may not be simple) then a repeated application of Theorem 25 gives us a space 
mat-nucleus that matches all the multiplication terms of C. 

Theorem [8] (Matching-Nucleus). Let C = T\ H h T k be a EIIS(A;,d) circuit that is 

minimal and zero. Then there exists a linear subspace K of L{R) such that: 

1) rk(iT) < k 2 . 

2) Vz G [fc] , there is a JC- matching 7Tj between Ti , Tj . 

Proof. The proof is an iterative process with at most k rounds. We maintain a set V, 
containing paths of some sub-circuits of C, and an undirected graph G = ([k],E). For 
convenience, define U := radsp(p|p G V) (i.e. consider each pathp as a set of multiplication 
terms, take the union of all these sets, and compute its radical-span). The invariant at 
the end of each round is: (i,j) G E iff T,Tj are [/-matched. At the end of round we 
assume, V := {(0)} and E := {(i,j) G [k] 2 \ T,Tj are similar}. We want to eventually 
make G a connected graph (infact a k-clique) by keeping rk(C7) as small as possible. 

Suppose the invariant holds till the end of some round (r— 1) > 0. If G is connected then 
the process stops at round (r — 1). Otherwise, we will show how to decrease the number 
of connected components of G in round r. Say, G has a maximal connected component on 
vertices S C [k]. Since C5 7^ (by minimality), we can apply Theorem [25] on Cs mod (0) 
to get a path ps inside Cs mod (0) such that 3i G S, Cs = aTi ^ (mod ps) for some 
a G F*. 
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Define S' := [k] \ S. Now, 
(1) C = C s > + aTi = (mod Ps ). 

This means C$' ^ {ps} (otherwise aTj G (ps), a contradiction). Thus, we can apply 



Theorem 25 on Cg' mod (ps) to get a path pgi inside Cg> mod (ps) such that, C$' = 
f3Tj ^ 0(mod ps>), for some /3 G F*. This allows us to rewrite Equation ([I]) as: 

aTi = —f3Tj ^ (mod ps>) 

Define K' := radsp(p£/). As p$> is, after all, a path of some sub-circuit of C mod (0), of 
length at most — 1 + \S'\ — 1 = k — 2, we deduce that ik(K') < (k — 1). Also, by Lemma 



441 the above congruence implies a X'-matching between Tj and Tj. We append the path 
Ps> to V and update U. Note that for any edge (i, i') in the connected component 5, 
and for any edge (j,f) in the connected component S (of vertex j): since Tj,Xj/ are still 
[/-matched; Tj,Tjr are still [/-matched; T,Tj are newly if '-matched; gives us that Xj/,Tj/ 
are newly [/-matched. In other words, the two different connected components S and S 
of G will now form a bigger connected component (infact a clique) when we update the 
graph as, E := {(o, b) G [A:] 2 | T a ,Tb are [/-matched}. 

So in every round we are increasing rk([/) by at most (k — 1), maintaining the invariant, 
and decreasing the number of connected components in G by at least one. Thus, after at 
most {k — 1) repetitions we get a U that matches Ti,Tj, for all i £ [k], and rk([/) < k 2 . 
We define this [/ as K, finishing the proof. □ 

4. Certificate for Linear Independence of terms: Constructing nucleus 

Suppose we have multiplication gates T\,...,Ty and a space K' of L(R) such that 
T\,Ti is -fT'-matched, for all i G [k'\. We show in this section that if T%, . . , , TV are linearly 
independent (i.e. $]}€ ¥ k ' \{0} s.t. Eie[fc'] ^ = °) then K ' 

can be extended to a linear 

space K of rank at most (rk(fT') + fc' 2 ) such that: M(Lk{T\)), . . . , M(Lfc(Tk')) are also 
linearly independent. This will prove Theorem |10| 

(Nucleus). Let C = XyieFfe] ^ e a m i n i ma l d) identity and let 
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Theorem 

{Ti\i G X} be a maximal set of linearly independent terms (1 ^ k' := \T\ < k). Then there 
exists a linear subspace K of L(R) such that: 

1) rk(if) < 2k 2 . 

2) Vi G [&], there is a if- matching 7Tj between Ti,Tj. 

3) (Define Vi G X, -fQ := M(L^-(Tj)).) The terms G X} are linearly independent. 

Proof. For convenience, and wlog, assume X = [k'\. The proof is an iterative process with 
at most k' 2 iterations, and gradually builds the promised space K. Each iteration of the 
process maintains a space U of L(R) which is intended to grow at each step and bring 
us closer to K. For convenience, define Ui := M(Ljj(Ti)), for all i G [k']. Also for each 
i G {2, . . . , k'}, define ideal Xj := (U\, . . . , 

The process has two nested iterations, or phrased differently, a double induction. We 
will call the outer "loop" a phase, and the inner loop a round. In each round the rank of 
U increases by at most 1, and the i-th phase has at most i rounds. At the end of the i-th 



phase (i > 2), we will ensure Tj ^ Xj. (Remark: By Lemma 41 this is equivalent to ensuring 



Ui G" Xj, which by Lemma 42 means that Ui is linearly independent of U\, . . . , 

In the first phase we set U := K' , where K' is the matching- nucleus obtained by 
applying Theorem[8]on C. This immediately gives us property (2) promised in the theorem 
statement, i.e. the matching property. Also, rk([/) < k 2 at the end of the first phase. 



SG CONFIGURATIONS & RANK BOUNDS 



17 



Now the second phase. As T\,T^ are linearly independent, we get, by Lemma 42 



that T2 ^ (Ti). By an application of Corollary 23 3v G nod( )(7i) such that T2 ^ (17 
We update U <— (U + radsp(u)). Note that after updation T2 ^ (U\) = I2 (otherwise 
T 2 G (Ui) C (v), since w|l7i). 

Now, for the i > 2 phase. Inductively, we assume that Vr < i, T r ^ I r (remember that 
all these ideals are wrt the current U). The phase consists of various rounds. At the end 
of the j-th round (1 ^ j < i), we just want to ensure Tj ^ (Ui, . . . ,Uj, • • • , Ti-i). 
So we do nothing in the j-th round unless this is violated. What do we do when it is 
violated? 

Claim 26. Let i > 2 and 1 ^ j < i. Suppose Vr < i, T r ^ (f7i, . . . , J7 r _ 1). Suppose 
Ti G (C/i, ■ ■ • ,Uj,T j+ i,--- ,Tj_i) 6u£ Tj ^ (Z7i, • • ■ ,Uj-i,Tj,--- ,Tj_i). T/iere exists a 
-U G nod(jj 1 ... such that for the updated U' <— (U + radsp(v)) we have Ti ^ 

(Z7{, • • • , t7j , Tj+i , • • • , Tj_i) . 



Proof of Claim 26, Since Tj G (Lq, • • • , Uj,Tj+i, ■ ■ ■ , Tj_i), by Lemma 42, we get Tj + 
J2l~j+i Oi r T r G ([/]_, • • • , f7j) for some a r -s in F. Suppose there are two distinct choices 
for a r -s (we will call them a r and a' r ). Then, 



i-l 



T+ VrT r , I T + «;r r G (Z7i, • • • , Uj). 

=3+1 ) \ r=j+l J 

Subtracting, we get X^r=j+i( a ~~ a' r )T r G (JJ\, ■ ■ ■ ,Uj). Let s be the largest index such 
that a s — a' s 7^ 0. (By the distinctness of the sequences, such an index exists.) We get 
that T s G (U\, • • • , Uj,Tj + i, • • • , T s _i) C (Ui, • • • , U s -\). Since s < i — 1, this contradicts 
the hypothesis. Hence, the sequence {a r } is unique. 

The claim hypothesis says that Tj ^ {Ui,-- - , Uj—i, Tj, ■ ■ ■ , Tj_i). That implies Ti + 



YllJj+i a r T r i- {Ui,-- - ,Uj-i,Tj). Thus, by Corollary 23, 3v G nod( Ulj ... tUj _ 1 < ) (Tj) such 
that Ti + X^r=j+i ct r T r ^ (J7i, • • • , Uj-%,v). Let us update U to U' <— (U + radsp(v)). 
(This updates U r -s to U^-s.) 

We now argue that T, ^ ([/{, . . . , C/j, Tj+i, • • • , Tj_i). Suppose not. Then, by Lemma 

for some sequence /3 r , Tj + YX^j+i PrT r G ({/{, . . . , Uj) C (Lq, . . . , C/j) (since for all 
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U r \U' r ). By the uniqueness of {a r }, we have /3 r = a r , for all r. But that implies 
T + X]r=j+i oi r T r G (C/{, . . . , J7j) C (U±, • • • , Uj-i,v). This is a contradiction and hence 
completes the proof. □ 

Let us look at the first round (i.e. j = 1). Suppose T, ^ (Ui,T 2 , ■ ■ ■ ,Tj_i). Then, we 
move directly to the second round, since we have already satisfied the round invariant. 



Otherwise, Tj G (Ui,T2, ■ ■ ■ , T_i). Furthermore, by linear independence and Lemma 42 



we have Tj ^ (Ti,-- - , T»_i), so we can invoke Claim 26 to get a v G nod/o\(Ti). This 
allows us to update U +- (U + radsp(u)) such that T{ f~(Ui, T2, • • • , 

Now for the induction step. We assume that, by the end of the (j — l)th round, 
T £ (Ui, • • • , Uj-i,Tj, • • • , Tj_i). For the j-th round, either we would have to do nothing 



or have to apply Claim 26 and update U. In either case, rk(?7) increases by at most 1. At 
the end of the round, Tj ^ (Ui, • • • , Uj,Tj + i, • • • , Tj_i). 

This continues till j = i — 1. We finally have T« ^ (Z7l, • • • , = Ij, giving us the 

required invariant for the i-th phase. This completes the proof. □ 
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5. Invoking Sylvester- Gallai Theorems: The Final Rank Bound 



In this section we will bound the non-nucleus rank of a simple, minimal SIIS(fc, d), 



independent-fanin k! , identity C by (A; — k') ■ SG&'(F, d). Thus, proving Theorem 18 We 
divide the proof into two subsections. First, we bound the non-nucleus rank of a simple, 
strongly minimal T,UT,(k, d) identity C by SGfc_i(F, d), finishing the proof of Theorem 
[To] Second, we show how to repeatedly use this result on a simple, minimal but not 
strongly-minimal identity. 

5.1. The strongly minimal case. Assume that C := Y2ie[k] 1S a simple, strongly min- 
imal T,UT,(k, d) identity (recall: then Ti, . . . ,T^_i are linearly independent polynomials). 



Let K be its nucleus given by Theorem 10 There are two important properties of this 



nucleus that we restate (and elaborate upon) for emphasis. 

The first is the matching property. For any i G [k], L^-(Ti) (= L(Ti) \ K) is K- 
matched to L c K {Ti) (= L{Ti) \ K). In other words for any £ G L c K iT\), the degrees 
of M{L c K {Ti) n (F*^ + K)) and M(L c K {Ti) n (F*^ + K)) are equal (remark: they are 
polynomials in nod/^(Ti) and nod^(Tj) respectively). This observation motivates the 
following definition. 

Definition 27 (Family). Let C be a THTi{k,d) identity and K be its nucleus. Let £ G 
L° K (C). The family of £ is defined to be the list, fam(£) := {M{L c K (Ti) n (¥*£ + K)) \ i G 
[k]}. Note that fam{£) is a multiset of size exactly k, having equal degree polynomials 
corresponding to each term Ti, we fix this ordering on the list (i.e. i-th element in fam(£) 
corresponds & divides the multiplication term Ti). 

Verify that any two forms in L C K {C) that are "similar mod K" have the same families. 

[Partition, Class, Split & Preserve] Let us focus on a list fam(£). The equivalence 
relation of similarity (i.e. mod (0)) on fam(^), induces a partition of [k] (i.e. if fi, fj G 
fam(^) are similar then place i and j in the same partition-class). Denote this partition 
induced on [A;], by Part(£). Observe that Part(£) must contain at least 2 classes (otherwise 
simplicity of C is violated). 

Each set in this partition is called a class, and we naturally have a class cl(/) associated 
with each member of / G fam(£). 

We say that Part(£) splits a subset S C [k] if there is some class X G Part(£) such that 
X n S ^ 0, S. Otherwise, we say that Part(£) preserves S. Note that a singleton is always 
preserved. 

For classes A\ G Part(^i) and A2 G Part(^2)> the complement A± U A2 is just the set 
[k] \ (A\ U A2). We will be later interested in the properties of this complement set wrt 
the two partitions. 

The second property of the nucleus, the linear independence, says something technical 
about the nucleus identity. By definition Ki = M(L/^(Tj)), for all i £ [k], and by Lemma 
[46j : X^e[fc] a i^i = f° r some a^-s G F*. Furthermore, 

Claim 28. For 1 < r < k, let {s%, ■ ■ ■ , s r } be a subset SC [k], where s± < S2 < ■ ■ ■ < s r . 
ThenK Sr ^(K Sl ,--- ,K Sr _ 1 ). 

Proof. If s r < k, then this just holds from the linear independence of {Ki, . . . , Kk-i} 
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and Lemma 42 So, we can assume s r = k and G (K Sl ,--- ,K Sr _ 1 ). By Lemma 
this means = J2ie[r-i] PsiK Si for some /3-s G F. The nucleus identity gives us 
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K k = -X)ie[fc-l] %£Ki = J2ie{r-i]Psi K Si- Since r < k , this implies that for some 7- 
s in F, not all zero, X)ie[k-i] 7i-Ki = 0. This contradicts the linear independence of 
{Ki, . . . , finishing the proof. □ 

Before applying Sylvester-Gallai-type theorems (i.e. the SGfc_i operator) we emphasize 
that, as discussed in Section |2.3| there is a distinguished linear form uq £ L(R)* and a 
subspace U of L{R) such that L(-R) = ¥i/q(BU(BK and every form in L C K (C) is monic wrt yo- 
Thus, for every £ G L C K (C) there exists a unique way to express : £ = ayo + « + v (a G F*, 
u £ U and « G K). This allows us to define the truncation operator : trun(^) = yo+ 
a~ l u. 

Lemma 29 (Partitions from SGfc_i-tuple). Suppose rk{trun{L c K {Ti))) > SGk-i(¥,d), and 
SG k -i(trun(L c K (T{))) gives the set {h, £ % , • • • ,4-i}. For a// i G [fc - 1], let £\ G L C K {T X ) 
be a form satisfying trun{&'-) = i%. 

Let IC \k — 1] be nonempty, and A{ be any class in Part{l'j) for all i g 1. Suppose 
S := Uiex^* ^ 0- ^ en ^ is spZii fry Part(£' c ), for some c G X. 

Proof. We prove by contradiction. Suppose 5 is preserved by Part(^), for all i £ I. Since 
for all i G X, vlj G Part(^), by definition there exists an /j G fam(^) such that vlj = cl(/j). 
Similarly, for all i G X, there exists a ft 6 fam(^) such that S* C cl(ft). Note that, 
by definition, sets and S are disjoint, hence the classes cl(/j) and cl(ft) are different, 
implying /j,ft are not similar, for all i G X. 

Define ideal / := G X). Let us focus on the sub-circuit C5 = X^/es ^j- Since C = 
and 5 = Uiex c K/i)' we deduce C5 G I (as /j "kills" the term T r for all r G cl(/j), and 
"spares" the other terms). For alH G X, 5 C cl(ft) we deduce that : Y\ i& x9i divides Tj, 
for all j G S. So Tj := Xj/QT^j gi) is again a multiplication term with none of its form 
in {j ieX (J£*£'i + K) = Uiex( F *^ + K )- Thus, we get an important equation: 

°s = (n^V (e t ;) e </ii<ez>. 

Viex / \jes / 
By a repeated application of Lemma 47 on the above system, we get : 



(2) gr j6 (/;| i6 I)=:Awhe r e,/-=^^,V i£ Z. 

Since /i,ft are not similar, f[ has degree > 1, for all i G X. Let the elements of S 1 be si < 
S2 < • • • < s r , for some r G [fc— 1]. Since we have only changed the non-nucleus part of Tj to 
get Tj, we deduce K Si \T' s ., for all i G [r]. Thus, modulo the ideal I" := (/', K Sl , • • • , K Sr _ 1 ), 
Equation ^ becomes : T' Sr G I" . We have radsp(I") C sp(£i | i &T) + K. Let us factor 
T' s = BqB\, where Bq is the product of all forms in radsp(I") and B\ is the remaining 



product. Thus, BqB\ G I". By Lemma 41 B\ can be cancelled out and we get Bq G I". 
Suppose all forms of Bo are in K , so Bq = K Sr . This means K Sr G I" implying, 

(3) K Sr G {K Sl , • • • , K Sr l , {f- I z G X}). 

Recall that each form in is similar to some form in (F*£j + K), for all i G X. Suppose 
form + Mj)|/j', for all i G X, for some /3-s in F* and u-s in i"T. In Equation ([3]) make 

the evaluation : £3 « j3^~ Ui, for all i G X. This is a valid evaluation since | i G X} are 

linearly independent mod K, and values substituted are from K. Clearly, this evaluation 
leaves the polynomial K s (s G S) unchanged. Thus, we get K Sr G (K Sl ,--- ,K Sr _ 1 ), 



contradicting Claim 28 
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As a result, we have a form £\Bq such that £ £ K . We have £ G radsp(I") C sp(^ | i G 
X) + K, and by the way T' Sr was defined, I £ UiexO^*^ + By the matching property 
of the nucleus, this gives us an £' G L c K (Ti) such that : £' G (sp(£j|i El) + K)\K and 
£' ^ UielO^*^* ^0" This means that there exist constants in F, not all zero, such 
that £' G X^iez /% + K. As the coefficient of yo in ^' is nonzero while that in £i (i G X) 
is 1, we deduce : trun(i') = (X^ex /%) _1 Q^iex If exactly one is nonzero, then 

£' G (F*£j + if), which is a contradiction. So at least two are nonzero, implying that 
trun(T) G trun(L^(Ti)) is a non-trivial combination of the £i-s, contradicting the fact 
that {£i, ■ ■ ■ ,£k-i} were obtained from SGfc_i(trun(L^(Ti))). 

This contradiction proves that S is split by Part(^), for some i EX. □ 



To prove Theorem 16 we need a combinatorial lemma about general partitions. It is 
helpful to abstract out some of the details specific to identities and frame this as a purely 
combinatorial problem. Since the proof is fairly involved, we present that in the next 
subsection. For now, we give the necessary definitions and claims. We have a universe 
U := [k] of elements. We deal with set systems with special properties. 

Definition 30 (Unbroken chain). A partition oflA is trivial if it contains the single set 
U. 

Let^i be a collection of non-trivial partitions oflA (here a collection refers to a multiset, 
i.e. *P can have partitions repeated). A chain in *p is a sequence of sets Ai,A2, ••• ,A S 
(for some s) such that each set comes from a different element ofty (say Ai G Vi G 

The chain Ai,A%, ■ ■ ■ ,A S is an unbroken chain, «/Uie[s] is non-empty and preserved 
in Vi, for each i G [s]. 



Note that if [J i<s Ai is a singleton then it is trivially preserved in any partition, therefore, 



such a chain would be unbroken. By Lemma 29 the collection {Part(^)|i G [k — 1]} has 



no unbroken chain. By purely studying partitions, we will show that such a phenomenon 



is absurd. The following combinatorial lemma implies Theorem 16 



Lemma 31 (Partitions have unbroken chain). Let ^ be a collection of non-trivial parti- 
tions oflA. Ifty contains at least \IA\ — 1 partitions then *P contains an unbroken chain. 



Theorem |16[ (Bound for simple, strongly minimal identities). Let |F| > d. The non- 
nucleus rank of a simple and strongly minimal T,UT,(k,d) identity over F is at most 
SG fc _i(F,d). 



Proof, (of Theorem 16) Let C = Y^ie[k] ^» ' 3e a srm pl e an d strongly minimal £!!£(&, <i) 



identity over F, and let K be the nucleus provided by Theorem 10 As |F| > d we can 



assume (wlog by Lemma 40) the existence of a truncation operator on L C K (T\). We will 
show that the rank of trun(L^(Ti)) is at most SG^_i(F, d). By the matching property 
of the nucleus, t?un(L c K (T{j) together with K span L(C). Therefore, a non-nucleus rank 
bound of the former suffices to bound the non-nucleus rank of L{C). 



Assuming that the rank of trun(L^(Ti)) is greater than SGfc_i(F, d), as in Lemma 29 
we invoke SGfc_i(trun(L^(Ti))) to get {£±,£2, ■ • • , ^fe-i}- Associated with each of these, we 
have the partition Part(£). There are k — 1 partitions in the collection := {Part(£)|i G 



[k — 1]}, which are all non-trivial by the simplicity of C. Lemma 31 tells us that ^3 has 



an unbroken chain, while Lemma 29 says that has none. This contradiction implies the 



rank of truu{L c K (Ti)) is at most SGfc_i(F, d), thus finishing the proof. □ 



SG CONFIGURATIONS & RANK BOUNDS 



21 



5.1.1. The combinatorial proof of Lemma 31. Intuitively, when the partitions in *}3 have 



many classes then an unbroken chain should be easy to find, for example, when (k — 1) 
partitions in *}3 are all equal to {{1}, . . . , {k}} then there is an easy unbroken chain, namely 
{1}, . . . , {k — 1}. On the other hand, when the partitions in *}3 contain few classes then we 
can effectively decrease the universe and apply induction. Most of this subsection would 
deal with the former case. Let us first define the splitting property. 

Definition 32 (Splitting property). Letty be a collection of partitions oflA. Suppose for 
all non-empty S CU, S is split by at least (\S\ — 1) partitions o/^3. Then ^3 is said to 
have the splitting property. 

Claim 33. Let ^ be a collection of at least (k — 1) non-trivial partitions of [k]. Ifty has 
the splitting property then there is a chain Ai, ■ ■ ■ , A k -i in such that Ui<fc— l Ai = {k}. 
(In particular, *}3 has an unbroken chain.) 

We defer its proof and, instead, first show why this claim would suffice. 



Proof, (of Lemma 31 ) We will prove this by induction on the universe size k. For the 
base case, suppose k = 3 and *P = {T > i,T > 2, ■ ■ • }• So we have at least two partitions. If 
any partition (say Vi) contains exactly 2 sets, it must be a pair and a singleton (say 
"Pi = {{1, 2}, {3}}). But then {1, 2} is itself an unbroken chain in So, all the partitions 
can be assumed to consist only of singletons. But then we can take the set, say, {1} from 
V\ and, say, {2} from V<i to get an unbroken chain. 

Now for the induction step. Suppose *p has at least (k — 1) partitions. We assume that 
the claim is true for universes of size upto (k — 1). If ^3 has the splitting property, then 



we are done by Claim 33 If not, then for some subset S C U of size at least 2, S is split 
in at most (\S\ — 2) partitions. Let the collection of partitions in that preserve S be 
So contains at least (k — 1) — (l-SI — 2) = (k — \S\ + 1) partitions. Merge the elements 
of S into a new element, to get a new universe IA 1 of size (k — \S\ + 1). The partitions in 
are valid partitions of U' , and still maintain their structure. We now have a universe 
of size k — \S\ + 1 < k, and at least k — \S\ + 1 partitions. By the induction hypothesis, 
there is an unbroken chain in ty' . Observe that it is (under the natural correspondence) 
still an unbroken chain in the original collection and we are done. □ 



Proof, (of Claim 33) We will label the partitions in *p in such a way that its first (k — 1) 



elements, Vi, ■ ■ ■ ,Vk-i satisfy : V% splits {i, k}, for all i E [k — 1]. Thus, there is a set 
Ai £ Vi that contains i but not k. Naturally, \J i<k Ai = {k}. 

We will construct this labelling through an iterative process. In the ith phase, we will 
find Vi- At the end of this phase, we will have V\, • • • ,Vi with the desired property and 
the remaining pool of remaining partitions. We warn the reader that this labelling 
is very dynamic, so during the ith phase, we may change the labels of V\, ■ ■ ■ jVi-i by 
moving them to *}3 and labelling new partitions with older labels. At any stage, we have 
the labelled partitions and the unlabelled partitions Before the beginning of the first 
phase, *P is just the given collection of all permutations. 

[Phase 1] The first phase is easy to understand. By the splitting property, there is 
some partition that splits {1, A;}. We set this to V\. 

[Phase i] The ith phase, i > 2, is a rather involved process. We describe the various 
sets associated with it and explain them. By the beginning of this phase, we have already 
determined Vi, ■ ■ ■ The covered elements are just [i — 1]. We maintain a partition 

E±, ■ ■ ■ ,Ei-i of the covered elements. We set Eq = {i, k}. Corresponding to each set Ej, 
we have a set of partitions Cj (:= {Vb\b £ Ej}). We fix Co = 0. Note that the Cfs form 
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a partition of the labelled partitions. We set E<j = Uo<Kj^ - ^ e a similar set of 
partitions C<j = Uo<Kj ^i- We will always maintain that Vj splits {j, k}. 

There will be various rounds in a phase. To aid understanding, we will describe the 
first and second round in detail. 

[Phase i, Round 1] We now explain the first round. Initially, we set E\ = [i — 1]. 
This is because, as of now, we know nothing about the elements in the set containing k 
in the various 7-j's. Note that at any stage, if we have a partition in that splits {i, k}, 
we can set this to Vi and we are done. 

Now, for every element b in E\ (currently, it is [i — 1]) check if there is a partition 
in *p that splits {i,k, b}. If so, call this a success for b. Note that {i,k} is not split in 
any partition Now, we can label this partition as Vb and move the old one to the 
pool ^3. All the labelled partitions still have their desired property. If the old partition 
splits {i,k}, then we are done (since this is now in *}3). So, we can assume that (even 
after this switching) that {i, k} is preserved in all of For our (new) Vb, we know that 
{i, k} is preserved. So we have some extra information about it. This is represented by 
"promoting" b from E\ to E^. This just involves removing b from E\ and putting it in 
E2. Let us repeat this for all elements in E\ until we have a maximal set E2, containing 
all successful elements. Note that when *p changes because of the switching, we check all 
elements in E\ again for successes. 

We are now at the end of this round and have the following information. \Ei,E^\ is a 
partition of [i— 1]. For any successful element b G E2, Vb preserves {i, k}. So, the labelled 
partitions C2 preserve {i, k} = Eq. For every failure b £ Ei, every partition in preserves 
{i, k, b}. In other words, every partition in *p preserves E\ U{i, k] = E<i- Successes create 
the new E2, while failures increase the size of the set preserved by 

Let us understand this a little more. Suppose all elements are eventually successful, so 
E2 = [i — 1]. Therefore, all labelled partitions preserve {i, k}. But so do all partitions in 
So {i, k} is preserved in all partitions, contradicting the splitting property. There must 
be some failures. Suppose everything is a failure, so E\ is still [i — 1]. The set E<i has 
size i + 1. But the only partitions that split E<i are the labelled ones since preserves 
E<\. There are only i — 1 labelled partitions so this contradicts the splitting property. 
So there are some successes and some failures and E±,E2 form a non-trivial partition. In 
some sense, we made "progress" . 

[Phase i, Round 2] We move to the next round. For every b £ E2, we check if 
E<\ U {6} is split in any partition of If we get a success, then we set this partition 
to be the new Vb- We "promote" b from E2 to a new set £3. We need to shift this old 
partition (call it V) to our pool But we want to ensure that E<\ is preserved in all of 
and this may not happen for V. So, first we check if {i, k} is preserved in V. If not, we 
are done. Assume otherwise. We start checking if {i,k,c} is preserved, for all c € E\. If 
it is so for all c, then we know that E<\ is preserved in V. So, we maintain our condition 
about and we continue to the next b. If not (this is the interesting part!), then we 
have found a partition that separates c from {i,k}. Note that the reason why c belongs 
to Ei, is, because we were unable (in the previous round) to find such a partition. So, 
we label V as V c - We "promote" c from E\ to E2. The old V c is moved to the pool *p, 
so we repeat the above procedure for this partition as well. So, either we maintain the 
invariant that E<i is preserved in all of or we promote elements from E\ to E2. If, at 
some stage, there are no elements in E\, then we are done. (Why? Because every labelled 
partition now preserves {i,k}, by the splitting property, there must be a partition in *p 
splitting this.) For all the failures b 6 E\, we know that E<\ U {b} is preserved in All 
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successes are promoted to E^- So at the end we have the partition E\,E2,E$ of [i — 1]. 
All of preserves E<2- The partitions C3 preserve E<\ and those in C2 preserve E<q. If 
E3 is empty, then E<2 is of size i + 1. All of <p preserves £<2 so the splitting property is 
violated. If E\ is empty, then also we are done. 

Let us give a formal proof by describing the invariant at the end of a round. 

Claim 34. By the end of the (ith phase-) jth round, suppose we do not find the right 
Vi- Then we can construct a partition of [i — 1], E±, ■ ■ ■ ,Ej + \, where Ej+\ is non-empty 
and the following hold: the partitions C\ preserve E<i_2, for all 2 ^ / ^ (J + 1), and the 
unlabelled partitions ^ preserve E<j . 

Proof. We prove by induction on j. We have already proven this for j = 1,2. Assuming 
this is true upto j, we will show this for j + The round repeatedly "processes" elements 
of Ej + \. Processing b G Ej+\ involves checking if all partitions in preserve E<j U {b}. 
If they do, then b is a failure. If V G splits E<j U {b}, then we "swap" it with Vb, i.e. 
V is now the old Vb and is denoted a hanging partition. The element b is promoted from 
Ej + i to the new set -Ej+2- How to deal with the hanging partition VI We first check if 
it splits Eq. If so, we have found Vi- Otherwise, we check if it preserves Eq U {c}, for all 
c G E±. If it splits {i, k, c}, then we swap V with V c . We promote c from E\ to E2. The 
old "P c becomes the new hanging partition V. If V preserves E<i, then we move on to E2. 
In general, if V preserves E<i, then we check if V preserves all E<i U {c}, for c G 
If V splits U {c}, we swap "P with V c and promote c from Ei + \ to -£7+2- Note that 
the sets E< p (for any p) can only decrease on such a promotion. So still the partitions 
in C p preserve -E< p _2- The old V c becomes the new hanging partition V and we repeat 
this process. If, on the other hand, V preserves all E<i U {c}, then V preserves E<i + \. So 
we repeat this process with £7+2, and so on. If we end up with V preserving E<j, then 
we can safely move V into Otherwise, we have made a promotion and we deal with a 
new hanging partition. Note that when *p changes, we again process all elements in Ej+x. 
There can only be a finite number of promotions, so this round must end. We end up with 
Eo, - ■ ■ , Ej + 2, with Ci preserving S</_2- All the failures are still in Ej + \, and *p preserves 
all E<j U {c}, Vc G Ej+i. So *P now preserves E<j U Ej + i = E<j + \. Note that if Ej + 2 is 
empty, we have a contradiction. This is because -£<j+i is of size i + 1 and there are at 
most i — 1 partitions splitting it. □ 

Now we show that in this phase i > 2 there can be at most i rounds before we get the 
desired Vi. 

Claim 35. Suppose E±, ■ ■ ■ , Ej is a partition of [i — 1] such that Ci preserves E<x_2 and 
*P preserves E<j. Then all E\ 's are non-empty. 

Proof. Suppose E\ is empty, for some / G [j]. So C/ is also empty. Any partition that is 
not in C<i-i is either in *p or in C p , for some p ^ I + 1 (if it exists). All these partitions 
preserve E<i_\. Thus, the only partitions splitting E<i_\ are those in C</_i. Since 
|C<;_i| = |£'<i_i| — 2, we contradict the splitting property. □ 

The sets E\ , ■ ■ ■ ,Ej form a partition of [i — 1] . The above claim tells us that we can 
run at most % — 1 rounds to completion. Hence, if we do not find V% by i — 1 rounds, then, 



by Claim 34 we will find it in the ith round. This completes the proof. □ 



5.2. The general case. Now, we deal with simple, minimal identities and remove the 
strong minimality condition. This will come at a cost of an extra k factor in the rank 
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bound. First, we recall the definition of gcd and simple parts of a general circuit, as 
given in older works [DS06, SS09 . 

Definition 36 (Gcd & Simple part). Let C = Ylie[k] be a T,IL'E(k,d) circuit over a 
field F. The gcd of C is defined to be the usual gcd of the polynomials Ti-s, i.e. gcd(C) := 
gcd(Ti\i G [k]). 

The simple part of C is the T,HT,(k,d') circuit, sim(C) := Cj gcd(C), where d' := 
d-deg(gcd(C)). 



The following will be shown to be a consequence of Theorem [16j 

Theorem |18[ (Final bound). Let |F| > d. The rank of a simple, minimal SIIS(A;, d), 
independent-fanin k', identity is at most 2k 2 + (k — k') ■ SG/v(F, d). 

Proof. Let circuit C be T\ + • • • + T^ = 0. Wlog let Ti, • ■ ■ ,T^i be a linear basis for 
T\ , • • • , Tfc . Obviously, we have 1 < k' < k (first by simplicity and second by zeroness) . 



By Theorem 10, there exists a nucleus K wrt the set T := [k'j. The rank of K is at most 
2k 2 . So, it remains to bound the non-nucleus rank of C by (k — k') • SGfc/(F, d). 

As Ti, ■ • • , Ty form a basis, for each i G [k' + 1, k], there exists oiij-s in F such that we 
have a zero circuit Di := Y^jelk'} a i,jTj + T = 0. Define N{ to be the set of j-s for which 
oiij / 0. Thus, 

(4) Vi G [k' + 1, fc], A = Oij-Tj + ^ = 

Since {ctijTj \ j G iVj} are |iVj| linearly independent terms, we get that Di is a strongly 
minimal SnS(|A^| + 1, d) identity, for all i G [A/ + 1, fe]. By nucleus properties, {Kj\j G iVj} 
are linearly independent polynomials, implying that the polynomials {Kj/gi\j G iVj} are 
also linearly independent, where gi := M(L^(gcd(£)j))). Thus, the linear space X remains 
a nucleus of the new identity sim(Z)j), showing at the same time that it is strongly minimal. 
We conclude that sim(Dj) is a simple, strongly minimal £II£(fcj, di) identity with nucleus 



K (although of rk < 2k 2 ), ha < (k' + 1), d { ^ d, for all ie[k' + l,k]. Theorem [l6j bounds 
the non-nucleus (non-K to be precise) rank of each of these identities by SGfc'(F, d). 

Suppose a linear form l\gcd{D{) for all i G [k' + l,k]. Then ^ divides Tj for all j G 
Uie[fe'+i,fe] N i u i k ' + X ' Consider the case (J ie [fc'+i,fe] Ni — [k'], it means that £ divides 
every term in C, contradicting simplicity. Thus, in that case every linear form £ of C 
appears in at least one of the circuits {sim(Dj)|i G [k' + whose total non-nucleus 

rank we have already bounded by (k — k') ■ SG&/(F, d), so we will be done. 

The case, left to handle, is when : 5* := Ujgrfc'+i k] N £ This means, by summing 
over i in Equation Q, Ylie[k'+l k] = J2 s eS fisTs, for some /3-s in F. Substituting this in 
the equation C = we get, 

c = C[k'] + c^'+i,^ = + ^s^s = 0- 

ie[fc'] seS 

As S* is a proper subset of [k'], the above equation could only mean that a nontrivial 
combination of Tj (i G [k 1 ]) is vanishing, contradicting the linear independence of those 
polynomials. Thus, S = [A/]. This completes the proof. □ 

6. Sylvester-Gallai Rank Bounds for any F 



We wish to bound SG}-(^,m), for any field F. We will prove the following theorem, 
which can be seen as the first attempt ever to give a Sylvester-Gallai Theorem for all 
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fields. It is convenient to think of a set of vectors S in F n as multiple-free: this means 
that no two vectors in S are scalar multiples of each other. 

Theorem 37 (High dimension Sylvester-Gallai for any field). Suppose k G N >1 and S is 
an SGk-closed set of vectors in F n of rank r ^ 9k. Then, \S\ ^ 2 r / 9fc . In other words, for 
every m G N >1 ; SGk(¥,m) < 9A;lgm. 

Remark. This bound is not tight. Over ¥ p , the best construction we can come up with 
is an SGk-closed set with rank around k + log p m. Consider Fp _1+r , for some r > and 
p \ (k — 1). Take the set Si C ¥^~ 1+r of vectors ei, e 2 , • • • , &k-li k^l ' Y^ie[k-i] e *> wnere e « 
is just the unit vector in the ith direction. Then take the set S 2 C Fp _1+r of all (non-zero) 
vectors which have zeroes in the first (fc— 1) coordinates. Extend this to ¥p +r by putting a 
1 in the new coordinate. This gives a set of non- multiple distinct vectors in ¥p +r . Observe 
that Si is SGfc_i-closed and S2 is SGVclosed. Hence Si U S2 is SG^-closed. The size of 
S is (k + p r — 1) and the rank is just k + r. 

In some sense, bounds for SG2(F, m) are already implicit in known theorems (used to 
prove lower bounds for LDCs). Concretely, Corollary 2.9 of [DS06j can be interpreted as 
a proof that SG2(F, m) = O(logm). This is an extension of theorems in [GKST02J that 
prove this for F2. In the context of SG2, these proofs can be interpreted as a "doubling 
trick". In essence, each time we want to increase the rank of an SG2-closed set by 1, we 
are forced to double the number of vectors. A naive attempt to implement this for SG^ 
does not work. 

Roughly speaking, we want to argue that if we want to increase the rank of an SG&- 
closed set by (k — 1), then the size of the set must double. But, when k > 3, this is 
not true! It is possible to increase the rank by (A; — 1) by adding a very small number 
of vectors. So we have a sort of two-pronged approach. If the size does not increase 
much, even though the rank increases, then we show that the set has some very special 
SG properties. Namely, many small subspaces of the set are SG^-i-closed. Even though 
these subspaces can intersect very heavily, we are still able to argue that the set must now 
be very large. 

We will require two auxiliary claims. The first claim is probably of independent interest, 
but the second is tied to our current approach. 

Claim 38. Suppose k G N >1 and S is SGk-closed. Let vectors ei, e2, • • ■ , e r be elements 
of S that form a basis for S. Hence, every element in S is represented by an r-tuple 
of coordinates in F. There exists some element in S whose representation has at least 
r j(k — 1) non-zero coordinates. 

Proof. Consider any vector v G S. Let v = Yll=i a i e ii f° r a % £ ^ ■ We denote by N(v) the 
index set {i\cti 7^ 0}. In other words, N(v) is the set of indices for which the corresponding 
coordinates of v are non-zero. Let v\ G S be some vector that maximizes |iV(fi)|. Choose 
some V2 G S such that N{v2) fl N(v\) = and |iV(i;2)| is maximized. Such a v% exists as 
long as |iV(ui)| < r, as in this case we can get V2 from sp(ej|i ^ N(vi)). Iteratively, choose 
Vj G S such that N(vj) is disjoint to U;<j N(vi) and \N(vj)\ is maximized. As long as 
\Jkj N(vi) 7^ [r], we can always choose the next Vj+i, again, from sp(ej|i ^ Uz<j N(vi)). 
We keep choosing v/s until we cover all coordinates. At the end, Ukj N(vj) = [r]. Note 
that the sets N(vi), • • • , N(vj) form a partition of [r]. 

Suppose j > k. Then take the vectors vi, ■ ■ ■ ,Vk- They are certainly linearly indepen- 
dent, since they are defined on a disjoint set of coordinates. By the SG^-closure of S, some 



26 



NITIN SAXENA AND C. SESHADHRI 



non-trivial linear combination of these vectors exists in S. Suppose some non-zero combi- 
nation of Vi 1: Vi 2 , • ■ ■ , denoted by v, is in S (where i\ < 12 ■ ■ ■ )■ Note that N(v) D A^-UjJ 
and N(v) is disjoint to Uz<ii N(vi). That contradicts that choice of v^. Hence j < k. 
Because the sets N(vi) form a partition of [r], |iV(ui)| > r/(k — 1). That completes the 
proof. □ 

Claim 39. Suppose k G N >2 . Consider a set of linearly independent vectors ex, • • • , e r / in 
S\ Lei I C [r'\ and \I\ > r'/4. Let the set Ej be {ei\i G 1} and Si be the set S n sp(Ej). 
If for all such I, Si is SGk-i-closed, then \St r n\ > 2 r / 8fc . 



Proof. By Claim 38 for every such /, there is a vi G S such that vi has at least \I\/(k — 2) 
non-zero coordinates (wrt basis Ej). Fix these vi, for each such /. As before, we denote the 
set of indices corresponding to non-zero coordinates of v by N(v). We describe a random 
process to generate a subset of [r'\. Simply pick each element in [r 1 ] independently with 
probability 1/2. Let / and J be two sets generated independently this way. A "good" 
event occurs if |/| > r'/4 and vi ^ Sj. We will call this the good event for (I, J). How 
can a good event not happen? Either \I\ < r'/4, or, if |/| > r'/4, then vi G Sj. What is 
the probability of a "bad" event (call this £(I, J)) happening? This is: 

Pr[| J| < r'/4] + Pr[|/| > r'/4] • Pr[u/ G Sj \ \I\ > r'/4] 

Since E[| I\] = r' /2, the probability that |/| < r'/4 is at most e~ r '/ 8 (by a Chernoff bound, 
refer to notes |O'D09| for the exact form used). Obviously, Pr[|/| > r'/4] < 1. Now 
assume that \I\ > r'/4. So |A^(f/)| > r' /4(k — 2). For vi to be in Sj, J must contain 
N(vi). By the random construction of J, the probability of this is at most 2~ r '/ 4 ( fc - 2 )_ 
Thus, the probability of a bad event is at most e~ r '/ 8 + 2" r '/4(fc-2) < 2 . 2- r '/4(*-i). 

Now, let us choose q = 2 r / 8fc subsets of [r'] independently through this random dis- 
tribution. Call these Ii,h, ■•■ For indices 1 ^ a < b < q, let X a f, be the indicator 



random variable for the event £(I a ,Ib). What is the expected total number of bad events? 

t 
2 



E 



2 Xab 

lsga<fe<g 



m ab ] < ^PT[£(h,I 2 )} < 2 r '^ k ■ 2-'-'/4(fe-i) < ! 



l^a<fe<g 

By the probabilistic method, there exist subsets of [r'], I\,l2,-" -,Iq such that no event 
£(I a ,Ib) happens. This means all sets I a are of size at least r'/4. Furthermore, for 
1 ^ a < b < q, vi a $ Si b . This means that vi a 7^ vi b . Therefore, there must be at least q 
distinct vectors in St~n. □ 



Proof, (of Theorem 37) It will be convenient to assume that |5| < 2 r / 9fc , and arrive at 
a contradiction. Let T C S be a subset of rank t < r/9. We can construct a basis of 
S, ei, • • ■ , e r /, e r ' + i, • • • , e r , using elements of S such that : r' > 8r/9, {ex, • • • , e r /} are 
orthogonal to T, and {e r ' + i,--- ,e r } spans T. If > 2 then by applying Claim 39 to 
ex, • • • , e r i we get some I C [r'\ such that \I\ > r'/4 > 2r/9 > 2A;, and 5/ is not SG^-i- 
closed (recall, Si := S n sp(ej|i G I)). There exist linearly independent t>x, t>2, • • • , ^fe-i G 
Si such that no non-trivial combination of these are in Si (and hence in S). On the other 
hand, if k = 2 then define v\ := ex- Note that v±,V2,--- , ffc-x are all orthogonal to T. 

Consider any v G T. By the S'Gfc-closure of S, there exists some linear combination of 
{v , f x, • • • , ffc-x} in S. Call this the image of v. Take two different v, v' G T. We argue 
that their images are distinct. Let the image of v be av + J2i<k~i a i v i an d t ne image of 
v' be j3v' + J2i<k-i Pi v i- Note that a/3 7^ by the way we have chosen v\, V2, ■ ■ ■ , f/c-x- If 
these images are equal, then av — (3v' = J2i<k-i(@i~ a i) v i- Since v and v' are not multiples 
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of each other, the right hand side is non-zero. The left hand side is a vector that is spanned 
by e r / + i, • • • ,e r but the right hand side is spanned by e±, • ■ ■ ,e r i. Contradiction. Hence, 
all images are distinct. 

Starting from any subset T C S of rank t < r/9, there exist linearly independent 
vi, ■ ■ ■ , Vk-\ £ S such that Snspjfi, • • • , Vk-i, e r '+i, '" , &r} contains at least 2\T\ vectors. 
The rank of this intersection is t + {k — 1). Starting from T being just one vector, we keep 
repeating this process. This can go on for h iterations, where h is the smallest integer 
such that 1 + (k — l)h > r/9. So, h = [(r/9 — — 1)] which is at least r/9k, since 

r > 9k. We have \S\ > 2 h > 2 r / 9k . Contradiction. □ 



7. Conclusion 

In this work we developed the strongest methods, to date, to study depth-3 identities. 
The ideal methods hinge on a classification of zerodivisors of the ideals generated by gates 



of a ELTE circuit (eg. Lemmas 41 44 and 47). That is useful in proving an ideal version 



of Chinese remaindering tailor-made for SITE circuits, which is in turn useful to show a 
connection between all the gates involved in an identity. As a byproduct, it shows the 
existence of a low rank nucleus identity C sitting inside any given T,UT,(k,d) identity 
C (when C is not minimal, C can still be defined but it might not be homogeneous). 
This nucleus identity is quite mysterious and it might be useful for PIT to understand (or 
classify) it further. For example, can the rank bound for the nucleus identity be 
improved to 0(k)? 

We generalize the notion of Sylvester-Gallai configurations to any field and define a 
parameter SGfc(F,m) associated with field F. This number seems to be a fundamental 
property of a field, and as we show, is very closely related to XTIE identities. It would 
be interesting to obtain bounds for SGfc(F, m) for different F. For example, as also asked 
by |KS09b| . can we nontrivially bound the number SGfc(F, m) for interesting 
fields: C, finite fields with large characteristic, or even p-adic fields? Other 
than the bounds for R, all that was known before is SG2(C,m) < 3 [EPS06]. We shed (a 
little) light on high dimension SG rank bounds by showing SGfc(F,m) = 0(klogm). We 
conjecture: SGfc(F, m) is 0(k) for zero characteristic fields, while 0(k + log p m) for fields 
of characteristic p > 1. 

We also prove a property of a general collection of partitions of a universe U, namely, 
if *p has at least \U\ — 1 partitions then it has an unbroken chain. It is tight and gives 
an idea of how a Sylvester-Gallai configuration in the non-nucleus part of a SLIS(/c,d) 
identity "spreads" around. 

Finally, we ask: Can the rank bound for simple minimal real £II£(A;,(f) iden- 
tities be improved to 0{k)l The best constructions known, since [DSQ6], have rank 
4(k — 2). Likewise, over other fields, our upper bound of 0(k 2 logd) still leaves some gap 
in understanding the exact dependence on k. 
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Appendix A. Technical, Algebraic Lemmas 

We denote the polynomial ring ¥[x\, . . . , x n ] by R. 

Lemma 40 (Monic forms). Let |F| > d and C be a T,UT,(k,d) identity, over F, with 
nucleus K. Let yo G L{R)* and U be a subspace of L(R) such that L(R) = Fyo © U © K. 
Then there exists an invertible linear transformation r : L(R) —> L(R) that fixes K and : 

1) t(C) is also a £IE(A;, d) identity with nucleus K and the same simplicity, mini- 
mality properties. 

2) Every form in L c k {t{C)) = t(L c k (C)) is monic wrt yo- 

Proof. Let r := rk(Fyo © U). Fix a basis {yo, . . . , y r -i} of Fyo © U and let y denote the 
column vector [yo • • - yr-i] T - Let t G L C K (T\). Then there is a unique nonzero (column) 
vector cTg G F r and a V£ G K, such that I = ai T ■ y +V£. We intend r to be a linear 
transformation that fixes each element in K and maps y to Ay where A G F rxr . Such a 
r will map £ to t(o£ T -y)+V£ = ai T ■ r(y) +ve = ai T Ay + vt- To make t(£) monic in yo 
we need to choose A such that the first coordinate in ct£ T A is nonzero, i.e. ae T A*i ^ 
where A*i is the first column of A. Thus, we want an A such that n^ei 11 (Ti) ~®4 T A*\ 7^ 0. 

Now the nonzero multivariate polynomial f(Y) := YieeLj,^) c*i> T Y nas degree at most 
d < |F|. Hence, by the Schwartz-Zippel lemma }Sch80| Zip79| there exists a point Y G F r 



at which / is nonzero. We can fix A*i to be that point. This fixes just one column of A 
to a nonzero vector and we can arbitrarily fix the rest such that A is an invertible matrix. 
Thus, the corresponding invertible r makes each I G L C K (T\) monic in yo- Since r fixes 
the nucleus K, matching property of the nucleus tells us that every form in L c k (t(C)) = 
t(L c k (C)) is monic in yo- 

Since r is an invertible linear transformation, it is actually an automorphism of L(R) 
and, in particular, the zeroness, simplicity and minimality properties of C are invariant 
under it. □ 

An ideal I of R with generators fi,i G [m], is the set {5Zie[m] Qifi\<li ,s e ^} an d is 
denoted by the notation (fx, . . . , f m ). For any / G R, the three notations / = 0(mod I), 
/ = 0(mod /1, . . . , f m ) and / G I, mean the same. 

An / G R is called a zerodivisor of an ideal I (or mod I) if / ^ / and there exists a 
g G R \ L such that fg G I. 

Let u,v G R. It is easy to see that if u is nonzero mod / and is a non-zerodivisor 
mod / then: uv G J iff v G /. This can be seen as some sort of a "cancellation rule" for 
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non-zerodivisors. We show such a cancellation rule in the case of ideals arising in SIIS 
circuits. 

Lemma 41 (Non-zerodivisor) . Let fx, . . . , f m be multiplication terms generating an ideal 
I, let I £ L(R) and g £ R. If t £ radsp(I) then: £g £ I iff g £ I . 

Proof. Assume I ^ radsp(I). If / = {0} then the lemma is of course true. So let us assume 
that / ^ {0} and rk(radsp(/)) =: r £ [n — 1]. As i £ radsp(J) there exists an invertible 
linear transformation r : L(R) — > L(R) that maps each form of radsp(I) to sp(xi, . . . , x r ) 
and maps i to x n . Now suppose that Ig £ I. This means that there are qx, . . . ,q m £ R 
such that ig = YliLi Qifi- Apply r on this to get: 

m 

(5) x n g' = Y j q'Ah)- 

i=l 

We know that r(/j)'s are free of x n . Express g' , q[-s as polynomials wrt x n , say 

(6) g' = ajX J n , where aj £ ¥[xi, x n -\] 

j>o 

(7) q'i = ^2 hjxl, where b itj £ ¥[xi, . . . , x n -i] 

j>o 

Now for some d > 1 compare the coefficients of x^ on both sides of Equation We 
get a d _i = YnLiKdrtfi), thus a d _i and a^x^ 1 are in (r(/i), . . . , r(/ m )). Doing this 
for all d > 1, we get g' £ (r(/i), . . . ,r(/ m )), hence g = r -1 ^') G . . . , f m ) = I. This 
finishes the proof. □ 

All the ideals arising in this work are homogeneous, i.e. their generators are homoge- 
neous polynomials. These ideals have some nice properties, as shown below. Degree deg(-) 
refers to the total degree unless there is a subscript specifying the variable as well. 

Lemma 42 (Homogeneous ideals). Say, fi, . . . , f m ,g are homogeneous polynomials in R. 
Then, 

1) If deg(g) < deg(f m ) then: g £ (/i, . . . ,/ m ) iff g £ {fx, . . . , / m -i). 

2) If deg{g) = deg{f m ) then: g £ (fx, . . . , f m ) iff 3a £ ¥, (g + af m ) £ (fx,---, fm-i}- 

Proof. Say, g £ (fx, ■ ■ ■ , f m ). Then, by definition, there exist q's in R such that, 

m 

(8) S = X>/i- 

i=i 

Let d := deg(g). If we compare the monomials of degree d on both sides of Equation Q 
then the LHS gives g. In the RHS we see that an fi of degree a\ contributes [qilu-d^fi, 
where [q]j is defined to be the sum of the degree j terms of q (and, zero if j < 0). Thus, 
9 = YliLxi^ild-difi- This equation proves both the properties at once. □ 

We show below that a congruence of two multiplication terms modulo an ideal, gener- 
ated by terms, leads to a matching via the radical-span. 

Definition 43 (Ljj(-), Lfj(-)). For a multiplication term f and a subspace U C L(R) 
define Lu{f):=L(f)^U and L c v (f):=L(f)\U. 
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Lemma 44 (Congruence to Matching). Let I be an ideal generated by multiplication 
terms {fx, . . . , f m } and define U := radsp(I). Let g, h be multiplication terms such that 
g = h (mod I). Then there is a U -matching between Lu(g), Ljj(h) and one between 

Proof. Define go := M(Ljj(g)) and ho := M(Lu(h)). Suppose the list Lu(g) is larger than 
the list Lu(h). By the congruence we have h G (I, go). As radsp(/,go) = U, by Lemma 



41 we can drop the non-U forms of h to get ho G (I, go}- As (I, go) is a homogeneous ideal 



and deg(/io) < deg(go) we get by Lemma 42 that ho G I- But this means h £ I, which 



contradicts the hypothesis. Thus, deg(/io) > deg(g , o) and by symmetry we get them infact 
equal. Thus, the lists Ljj(g), Ljj(h) are of equal size, which trivially [/-matches them. 

We will show that for any t G L(R) \ U, the number of forms that are similar to I mod 
U in Ly(g) is equal to that in Lfj(h). This fact will prove the lemma as it shows that 
every form in Lfj(g) can be [/-matched to a distinct form in L^(/i). 

Pick an I 6 L(R) \ U. Let g\ be the product of the forms that are similar to I mod U 
in Lu(g) (if none exist then set g\ = 1), similarly define h\ from h. Suppose deg(/ii) < 
deg(gi) =: d. By the congruence we have h G (I,gi). As radsp(/,gi) = U ©F^, by Lemma 
[4l] we can drop the non sp([/, t) forms of h to get 

(9) hohi G (I, gi). 

Define r := rk([/) which has to be > 0, as otherwise / = (1) contradicting h ^ I. Pick an 
invertible linear transformation r : L(R) — > L(R) such that forms in U are mapped inside 
sp(xi, . . . , x T ) and i 1— > x n . Apply r on Equation ^ to get 

m 

(10) h'oh'x = ^2qifl + qg[ , 

i=l 

where h' and f'-s are in ¥[x\, . . . ,x r ]; h[ is 1 or is a polynomial with deg Xn G [d — 1]; 
g[ is a polynomial with deg a . n = d; and g's G i2. With these conditions if we compare 



the coefficients of x„ on both sides of Equation (10) then we get o € (/{,..., f' m ), hence 
T^ 1 (q) G ...,/ m ) = -f- Thus, applying r^ 1 on Equation (10) we get hoh\ G /, so 
h £ I, contradicting the hypothesis. Thus, deg(/ii) > deg(gi) and by symmetry we get 
them infact equal. This shows the number of forms that are similar to I mod U in Lfj(g) 
is equal to that in Ljj(h), finishing the proof. □ 

One pleasant consequence of iC-matching all the multiplication terms in an identity is 
that we get a smaller identity, using linear forms solely from K, called the nucleus identity. 
To see that we use a metric associated with matchings, first introduced in [SS09] . 

Definition 45 (Scaling factor). Let K be a subspace of L(R) and Li,L2 be two lists 
of linear forms in L(R) \ K. Let n be a K-matching between L\,L2- Then for every 
i G L\, there is a unique C£ G F* such that ir(£) G cg£ + K (if there is another d G F with 
7r(£) G dt + K , then (q — d)£ G K , implying I G K, a contradiction). 
We define the scaling factor of it, sc(ir) := Y\ ieLl Q. 

Lemma 46 (Nucleus identity). Suppose C = £^Tj is a SIIS(fe,d) identity and K is 
a subspace of L(R) such that Ti,Tj are K -matched, for all i G [k]. Then the terms 
M(LK{Ti)), fori G [k], are all of the same degree, say d! , and form a T,ILT,(k,d') identity 
Z ie[k] aiM(L K (Ti)), for some a, G F*. 

Proof. Since T\,T{ are ET-matched, we get from the definition of matching that terms 
M(L K (Ti)), M(L K (Ti)) have the same degree d' > 0. Furthermore, M{L C K (T X )) and 
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M{L c K (Ti)) are also -fT-matched, call this induced matching 7Tj. As all the forms in L C K {T\) 
are outside K, the scaling factor sc(-7Tj) is well defined, for all i G [A;]. 

Fix a subspace U such that L(R) = K ®U and let r := rk(i^). Fix an invertible linear 
transformation r : L{R) — > L(R) that maps K to sp(xi, . . . , x r ). It follows that for any 
form £ G L^(Ti), t{£) is a form with a nonzero coefficient wrt some Xi, i > r (otherwise 
t(£) G sp(xi, . . . ,x r ), thus £ G K , a contradiction). Call the largest such i, ji. If we look 
at the product (note: it is over a list so it could have repeated factors), 

(11) ai := H \x k }r{i) 

([x 1 ]/ gives the coefficient of the monomial x % in /), then it is the coefficient of n^eL^(Ti) x k 
in t(M{L c k (Ti))), in other words, a\ is its leading coefficient wrt lexicographic ordering of 
variables. Note that, for i £ [k], 7Tj still r(X)-matches t(L c k (Ti)), r(L^(Tj)) with the same 
scaling factor (if 7Ti(£) £ c^£ + K then T(-Ki(£)) G c^t(£) + t{K)). This means that the lead- 
ing coefficient of r(M(L^(Tj))) is sc(7Tj) • a\ =: cti, for all i > 1. Thus, we have pinpointed 
the coefficient of n^eL c (Ti) x if m t (-^(-^k(^))) as a «> f° r au * e Now compare the 
coefficients of n^eL c (Ti) x > m t ne identity r(C) = 0. This gives X)ie[fc] tti ' T (^(^K(Ti))) 
= 0. Applying the inverse of r, we get the nucleus identity. □ 



In Lemma 41 we have already come across a cancellation rule for non-zerodi visors. Here 



we see a situation in which it is stronger. 

Lemma 47 (Cancellation). Let K be sovne subspace of L^Fty and let £\ , . . . , £ m G L(R)\K 
be linearly independent modulo K. Let fi, ■ ■ ■ , f m be multiplication terms similar to powers 
of £i, . . . ,£ m respectively modulo K (i.e. each form in fi is in (¥*£i + K) ). Let £ G L(R)* 
such that for some s G [m], £ G ¥£ s + K . Then, for any polynomial f G R, 

?f G (fl,---,fm) iff f 6 J", f m )- 

gcd( f s ,£) 

Proof. Suppose £f G (/i, . . . , / m ). Then, by definition, there exist q's in i? such that, 

rn 

(12) */ = J>/i. 

Additionally assume these g^-s to be such that the set J := {j G [m] \ {s} | £ \ qj} is the 
smallest possible. If £\qi, for all i G [m] \ {s}, then has to divide q s f s . This means that 
£ has to divide q s gcd(£, / s ), thus we get, 



/ y + 



Qs gcd(£, f s ) f s 



i£[m]\{s} 

and we are done. 

So the remaining case is when the set J := {j G [m] \ {s} \ £ \ qj} is nonempty. Fix 
an element j* G J. Consider ideal / := ({£, f s } U {fj\j* ^ j G J}). Reducing Equation 



(12) modulo / we get, qj*fj* = 0(mod I). Note that radsp(I) Q K + sp({£j\j* / j 6 
[mj}) while each form in L(fj*) is in (F*£j* + .fT) disjoint from radsp(I), thus by Lemma 
|4T| we can drop fj* from the last congruence and get qj* G /. This means qj* fj* G 
\\^fj*^fs} U {fj\j* 7^ i € J}). We plug this in the j*-th summand of Equation (12) and 
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after simplifications get (verify that the [m] \ ({s} U J) summands are unaffected): 

m 
i=l 

'/:/.- • !''/.;•)./> • E + E ^ 

ieJ\{i*l je[m]\({s}uj) 

Notice that for j G [m] \ ({s} U J), £ divides qj, thus the above equation contradicts the 
assumed minimality of J. This shows that J was empty to begin with, thus finishing the 
proof. □ 



